Ensure OneDrive sync is restricted for unmanaged devices
Why This Matters
When users sync OneDrive files to devices your organization does not manage, those endpoints fall outside your security policies, endpoint protection, and device compliance controls. This creates a direct path for data leakage, whether accidental or intentional, because you lose visibility and control over synced content. For IT administrators, restricting sync to managed devices is a critical control to keep organizational data within trusted boundaries.
What Aether365 Checks
This check verifies that the OneDrive sync setting restricts file syncing only to computers joined to specific Active Directory domains, identified by their domain GUIDs. It appears in the Aether365 dashboard under microsoft-365 checks with a medium severity rating.
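One way to evaluate the same setting by hand, as an added example that is not Aether365's own logic: the function below inspects the object returned by the SharePoint Online Management Shell cmdlet Get-SPOTenantSyncClientRestriction. The function name, its pass/fail criteria, and the sample objects (including the GUID) are assumptions constructed for illustration.

```powershell
# Added example (not Aether365 code). Test-OneDriveSyncRestriction is a
# hypothetical helper; its criteria are an assumption about what "restricted" means.
function Test-OneDriveSyncRestriction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        # The restriction must be switched on at tenant level.
        if (-not $Settings.TenantRestrictionEnabled) {
            $findings.Add('TenantRestrictionEnabled is False: sync is not limited to domain-joined computers.')
        }

        # Keep only entries that parse as non-empty GUIDs.
        $validGuids = foreach ($entry in @($Settings.AllowedDomainList)) {
            $g = [guid]::Empty
            if ($entry -and [guid]::TryParse([string]$entry, [ref]$g) -and $g -ne [guid]::Empty) { $g }
        }
        if (@($validGuids).Count -eq 0) {
            $findings.Add('AllowedDomainList holds no valid domain GUID.')
        }

        [pscustomobject]@{
            Compliant      = ($findings.Count -eq 0)
            AllowedDomains = @($validGuids).Count
            Findings       = $findings
        }
    }
}

# Constructed sample objects mirroring the two properties the function reads.
$unrestricted = [pscustomobject]@{ TenantRestrictionEnabled = $false; AllowedDomainList = @() }
$enabledEmpty = [pscustomobject]@{ TenantRestrictionEnabled = $true;  AllowedDomainList = @() }
$restricted   = [pscustomobject]@{
    TenantRestrictionEnabled = $true
    AllowedDomainList        = @('11111111-2222-3333-4444-555555555555')  # constructed GUID
}

$unrestricted, $enabledEmpty, $restricted |
    Test-OneDriveSyncRestriction |
    Format-List Compliant, AllowedDomains, Findings

# Against a live tenant (after Connect-SPOService):
#   Get-SPOTenantSyncClientRestriction | Test-OneDriveSyncRestriction
```

The second sample shows the edge case worth catching: the restriction flag is on but no domain GUID is listed, so the result is still reported as non-compliant.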