STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft OneDrive Security Technical Implementation Guide

V-230564

CAT II (Medium)

The use of personal accounts for OneDrive synchronization must be disabled.

Rule ID

SV-230564r960963_rule

STIG

Microsoft OneDrive Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000381

Discussion

OneDrive provides access to external services for data storage, which must be restricted to authorized instances. Enabling this setting will prevent the use of personal OneDrive accounts for synchronization.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Policies\Microsoft\OneDrive\

Value Name: DisablePersonalSync

Value Type: REG_DWORD
Value: 0x00000001 (1)

Fix Text

Configure the policy value for User Configuration >> Administrative Templates >> OneDrive >> "Prevent users from syncing personal OneDrive accounts" to "Enabled". 

Group policy files for OneDrive are located on a system with OneDrive in "%localappdata%\Microsoft\OneDrive\BuildNumber\adm\".

Copy the OneDrive.admx and .adml files to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.