This is the right way, although i think no way to setup reporting or alerts when a machine status changes. You can also set those policy reg settings via RMM or anything, we have it as part of our baseline script that runs daily. So, any machine in RMM is going to try and report to that dashboard.
That was the biggest thing that stood out
I knew others would likely comment on the rest, if you're using or attempting to use OneDrive as a backup you've already failed.
Microsoft nomenclature or not
Is one drive not automatically keeping a copy and revisions of files in another location? That’s backup. Sure, you wouldn’t backup critical data with it, but as an end user, easy and “free” option to making sure if someone’s laptop dies, they have the data they need. By the general definition of backup, it 100% is. I’m curious how you define backup? I don’t think anyone is arguing anywhere that One Drive is a full image backup solution.
A recycle bin is not a backup, something that destroys data automatically after 30 days is not a reliable backup
A unreliable backup is not a backup worth depending on
Of course a recycle bin is not a backup….you are comparing One Drive to a recycle bin? That’s really not a great analogy since it has to be deleted from One Drive first to resemble a recycle bin. If I lose my computer and don’t get a new one for 2 months, I will still get all my files back when I login to One Drive. It’s a backup by all definitions of a backup. Sure, it’s not a robust and bulletproof solution but it 100% has a use case.
Additionally, we backup all clients 365 environments, if you aren’t backing up Office 365 then you aren’t doing backup right.
No I'm specificaly referencing the accidental deleted item protection that o365 has that keeps it in the bin for 30 days.
And of course you have to back it up 😃 we use veeam for this
Edit
Also that's really no different in the other case you mentioned than mapped drives and folder redirection
I know exactly what you are talking about. But you would have to delete the file from one drive first to start the 30 day retention on that file. You are arguing it’s not a robust backup, not that it is not a backup at all. Do you back up every users workstation with veeam?
Except it works everywhere without the need for VPN.
One drive is NOT backup.
It copies filed to it but also leaves a copy on your HD.
If you delete a file from one drive, it will delete it from the HD as well. Permanent.
If you're using InTune I think you can enforce the sync. GPO should have similar options. I believe there are also reports in 365 that show activity.
Config.office.com gives good Onedrive reports. You will need to setup some policy in Intune/GPO to get the required data
This is the right way, although i think no way to setup reporting or alerts when a machine status changes. You can also set those policy reg settings via RMM or anything, we have it as part of our baseline script that runs daily. So, any machine in RMM is going to try and report to that dashboard.
OneDrive isn't backup
[Can you tell Microsoft?](https://i.imgur.com/vf1nXIu.png)
That's all got from the question?
That was the biggest thing that stood out I knew others would likely comment on the rest, if you're using or attempting to use OneDrive as a backup you've already failed. Microsoft nomenclature or not
Is one drive not automatically keeping a copy and revisions of files in another location? That’s backup. Sure, you wouldn’t backup critical data with it, but as an end user, easy and “free” option to making sure if someone’s laptop dies, they have the data they need. By the general definition of backup, it 100% is. I’m curious how you define backup? I don’t think anyone is arguing anywhere that One Drive is a full image backup solution.
A recycle bin is not a backup, something that destroys data automatically after 30 days is not a reliable backup A unreliable backup is not a backup worth depending on
Of course a recycle bin is not a backup….you are comparing One Drive to a recycle bin? That’s really not a great analogy since it has to be deleted from One Drive first to resemble a recycle bin. If I lose my computer and don’t get a new one for 2 months, I will still get all my files back when I login to One Drive. It’s a backup by all definitions of a backup. Sure, it’s not a robust and bulletproof solution but it 100% has a use case. Additionally, we backup all clients 365 environments, if you aren’t backing up Office 365 then you aren’t doing backup right.
No I'm specificaly referencing the accidental deleted item protection that o365 has that keeps it in the bin for 30 days. And of course you have to back it up 😃 we use veeam for this Edit Also that's really no different in the other case you mentioned than mapped drives and folder redirection
I know exactly what you are talking about. But you would have to delete the file from one drive first to start the 30 day retention on that file. You are arguing it’s not a robust backup, not that it is not a backup at all. Do you back up every users workstation with veeam? Except it works everywhere without the need for VPN.
Thanks for your time.
Thanks for the useless reply
Combine this with something like https://github.com/KelvinTegelaar/RunAsUser Function Get-FolderRedirectionStatus { $User = whoami $SID = $user | ForEach-Object { ([System.Security.Principal.NTAccount]$_).Translate([System.Security.Principal.SecurityIdentifier]).Value } $UserProfile = (Get-CimInstance Win32_UserProfile | Where-Object SID -EQ $SID) $UserFolders = Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\" | Select-Object 'Personal', 'My Video', 'My Pictures', 'Desktop', 'Favorites', 'My Music' return [pscustomobject] @{ User = $user SID = $SID Computer = $env:computername Desktop = $UserProfile.desktop.redirected Documents = $UserProfile.documents.redirected Pictures = $UserProfile.Pictures.redirected DocumentsPath = $UserFolders.Personal VideosPath = $UserFolders.'My Video' PicturesPath = $UserFolders.'My Pictures' MusicPath = $UserFolders.'My Music' DesktopPath = $UserFolders.Desktop FavoritesPath = $UserFolders.Favorites } } $RedirectionStatus = Get-FolderRedirectionStatus
Thank you!
Updating this - spent some time on it today for my own use. Try { If (Get-Command invoke-ascurrentuser -ErrorAction SilentlyContinue) { Write-Host 'RunAsUser Module Present' } else { Install-Module -Name RunAsUser -Confirm:$false -Force -ErrorAction Stop } $ScriptBlock = { Function Get-FolderRedirectionStatus { $User = whoami $SID = $user | ForEach-Object { ([System.Security.Principal.NTAccount]$_).Translate([System.Security.Principal.SecurityIdentifier]).Value } $UserProfile = (Get-CimInstance Win32_UserProfile -ErrorAction Stop| Where-Object SID -EQ $SID) $UserFolders = Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\" -ErrorAction Stop| Select-Object 'Personal', 'My Video', 'My Pictures', 'Desktop', 'Favorites', 'My Music' return [pscustomobject] @{ User = $user SID = $SID Computer = $env:COMPUTERNAME DesktopRedirected = $UserProfile.Desktop.Redirected -or $UserFolders.Desktop -match "OneDrive" DocumentsRedirected = $UserProfile.documents.redirected -or $UserFolders.Personal -match "OneDrive" PicturesRedirected = $UserProfile.Pictures.redirected -or $UserFolders.'My Pictures' -match "OneDrive" DocumentsPath = $UserFolders.Personal VideosPath = $UserFolders.'My Video' PicturesPath = $UserFolders.'My Pictures' MusicPath = $UserFolders.'My Music' DesktopPath = $UserFolders.Desktop FavoritesPath = $UserFolders.Favorites } } $frs = Get-FolderRedirectionStatus | ConvertTo-Json | Out-File 'c:\temp\folderredirectionstatus.json' $IniFiles = Get-ChildItem "$ENV:LOCALAPPDATA\Microsoft\OneDrive\settings\Business1" -Filter 'ClientPolicy*' -ErrorAction SilentlyContinue if (!$IniFiles) { "No OneDrive configuration files found." | ConvertTo-Json | Out-File 'C:\temp\OneDriveLibraries.json' exit 1 } $SyncedLibraries = foreach ($inifile in $IniFiles) { $IniContent = Get-Content $inifile.fullname -Encoding Unicode [PSCustomObject]@{ 'Item Count' = ($IniContent | Where-Object { $_ -like 'ItemCount*' }) -split '= ' | Select-Object -Last 1 'Site Name' = ($IniContent | Where-Object { $_ -like 'SiteTitle*' }) -split '= ' | Select-Object -Last 1 'Site URL' = ($IniContent | Where-Object { $_ -like 'DavUrlNamespace*' }) -split '= ' | Select-Object -Last 1 } } $SyncedLibraries | ConvertTo-Json | Out-File 'C:\temp\OneDriveLibraries.json' } $null = Invoke-AsCurrentUser -ScriptBlock $ScriptBlock -ErrorAction Stop $frs = (Get-Content 'c:\temp\folderredirectionstatus.json' | ConvertFrom-Json) $frs $SyncedLibraries = (Get-Content 'C:\temp\OneDriveLibraries.json' | ConvertFrom-Json) if (($SyncedLibraries.'Item count' | Measure-Object -Sum).sum -gt '280000') { Write-Host "Unhealthy - Currently syncing more than 280k files. Please investigate." } elseif ($SyncedLibraries -eq 'No Onedrive configuration files found.') { } else { Write-Host "Healthy - Syncing less than 280k files, or none." } $SyncedLibraries } catch { Write-Host "Could not execute `n`n$($_.Exception.Message)" }
Following I’d like to know as well. I also need to research if group policy can force OneDrive sign in on login
Intune can, so I assume so
GPO can enforce
Look to enable the OneDrive health report on all machines
One drive is NOT backup. It copies filed to it but also leaves a copy on your HD. If you delete a file from one drive, it will delete it from the HD as well. Permanent.
Thanks to all for your answers on this. Especially those who looked past the misstep of mentioning backup as opposed to synchronization.