STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft OneDrive Security Technical Implementation Guide

V-230564

CAT II (Medium)

The use of personal accounts for OneDrive synchronization must be disabled.

Rule ID

SV-230564r960963_rule

STIG

Microsoft OneDrive Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000381

Discussion

OneDrive provides access to external services for data storage, which must be restricted to authorized instances. Enabling this setting will prevent the use of personal OneDrive accounts for synchronization.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Policies\Microsoft\OneDrive\

Value Name: DisablePersonalSync

Value Type: REG_DWORD
Value: 0x00000001 (1)

Fix Text

Configure the policy value for User Configuration >> Administrative Templates >> OneDrive >> "Prevent users from syncing personal OneDrive accounts" to "Enabled". 

Group policy files for OneDrive are located on a system with OneDrive in "%localappdata%\Microsoft\OneDrive\BuildNumber\adm\".

Copy the OneDrive.admx and .adml files to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.