Managing User Profiles in Microsoft SharePoint Online for Office 365

OneDrive for Business

OneDrive for Business is an Office 2013 client that replaces the old SharePoint Workspace by giving you the ability to synchronize document libraries and lists from SharePoint Online to your local hard drive. But it also acts as a client you can use to save directly from your local hard drive to a document library or list sitting in the cloud. At its core, however, it is an evolution of the My Site document library. Essentially, OneDrive for Business is a cloud-based, SharePoint-based document library in which individual business customers can save documents that can be consumed by others in the organization.

The OneDrive for Business client installs with the Office 2013 Pro Plus package on your user’s workstation or other device. Your users then invoke OneDrive for Business by clicking on the OneDrive For Business link within the Office 365 menu from your Start/Programs/Office 365 menu selections.

When OneDrive for Business installs, it will be automatically added to your user’s Favorites in the File Save-As dialog box of the Office client as well as in Windows Explorer. Any interfaces that borrow the File Save-As information will also include the OneDrive for Business information. From a user’s perspective, OneDrive for Business will be named using the name of Office 365 tenant. For example, if your tenant was named something.onmicrosoft.com, OneDrive for Business will appear in the various interfaces as OneDrive – Something.

Once OneDrive for Business is configured, users can use their My Site document library to store documents. And they will have drag-and-drop, cut-and-paste, and other common document-management functionalities between their Windows Explorer and OneDrive for Business when it is opened using Windows Explorer. It will look and feel like another drive in which they can manage their documents.

OneDrive for Business also works with the synchronization capabilities built in to the document libraries and lists within SharePoint Online. Each time a user synchronizes a document library, it is added to the SharePoint folder in the File Save-As interface as well as Windows Explorer. (See Figure 2-14.) The names are long and not configurable. For example, a synchronized document library named Corporate Documents will appear in the interface as Something Team Site – Corporate Documents if it is synchronized from a default site collection (where Something is a placeholder for the name of your tenant). New site collections will not take on this naming convention, as illustrated in Figure 2-14. Note also that synchronized libraries do not appear with the OneDrive for Business folder in the interface even though they are managed by the OneDrive for Business client.

Figure 2-14 OneDrive for Business and document libraries interface (illustrating on the right side how some library names are cut off because the combination of the default names)

There are considerable risks with OneDrive for Business. It is nested deeply enough in the more recent Office 365 deployments that it will be difficult to turn off. Hence, it’s best to embrace and manage this technology as opposed to attempting to limit it or shut it down, in my opinion. But the risks that I outline here should not be overlooked as you build out your SharePoint Online deployment.

First, by default, the Everyone Group except External Users will have Contribute permissions on each user’s OneDrive document library. This is a considerable security risk in that users who don’t understand this default setting might copy sensitive information to their OneDrive for Business instance only to find they have widely exposed that information. Training should emphasize the governance rules you set up to mitigate this risk. One governance rule, for example, could be that users are not placed into the group that has My Site capabilities until they have completed both My Site and OneDrive for Business training. (See the section “Manage user profile permissions” earlier in this chapter for more information.)

Second, some users will have the tendency to upload their entire My Documents to OneDrive for Business because of their ability to access their document from multiple clients, such as iPads or Android devices. This can be a real support issue because of the speed at which documents are synchronized. In my own testing, I found that it took days to copy nearly 20,000 documents to my OneDrive for Business library. Although faster bandwidth will help, you should not be under any illusions as to how long this will take and the amount of bandwidth that will be consumed. One governance idea to reduce the risk of consuming too much bandwidth is to have people synchronize only a portion of their My Documents in a single administrative activity’say, no more than 1000 or 2000 documents’and to run that process during night or weekend hours, presumably when you have more available bandwidth.

Third, users might want to use document libraries like file servers, because document libraries can be more accessible from the cloud than file servers are from the Internet. The thought will be this: “Since we can synchronize file servers to the cloud, we can make those files more accessible than before.” Although that sounds logical, simply grabbing the files on a file server and copying (or synchronizing) them to a document library is not a good idea. Most file servers have old, outdated, and redundant documents. Before your users upload entire sets of documents from a file server, you should require a file server “cleaning out” project to remove old, outdated, and redundant files from the file server. The risk of not reorganizing files on a file server and not scrubbing the system of unneeded files is that whatever misery and loss of efficiencies you’re currently experiencing with your file servers will be transferred to your Office 365 tenant. This transfer of problems will artificially increase your tenant costs and do nothing to introduce efficiencies into your work processes.

Fourth, at the time of this writing, Office 365 does not have endpoint security solutions or any type of a compliance center. While it is possible today for users to download and take sensitive, company information to their local, personal devices, OneDrive for Business makes it even easier to do this. Once files are copied from the network, they are out of your control, for all practical purposes. One idea on governing the downloading of company documents onto personal devices is to require personal devices be set up to work with your company’s rights-management solution. So at least there would be some enforced privacy on certain documents even when they are copied off network to a personal device. This isn’t a solution that will always work, but it is one idea to work with. Another governance idea is to purchase third-party software that inputs a watermark onto downloaded documents that contains security warnings and other needed information.

Last, the introduction of OneDrive for Business is likely to contribute to confusion at the desktop as users wonder where they should be storing which files. The solution to this problem depends on your Enterprise Content Management (ECM) architecture’understand what your major “buckets” of information are, which platforms are used to host and manage those buckets, and how your processes use information for both inputs and outputs. As Office 365 is rolled out, it’s best to take the time to define when users should use file servers, document libraries, OneDrive for Business, My Documents, and so forth and to define, at least in broad terms, what documents should be hosted within which technology. Lower overhead costs come from the standardization of processes, not their randomization. OneDrive for Business and Office 365 might introduce ECM randomization if it is not properly managed, and that will drive up overhead costs.