STIGQter: STIG Summary: Microsoft OneDrive Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 13 Nov 2020:

The use of personal accounts for OneDrive synchronization must be disabled.

DISA Rule

SV-230564r569322_rule

Vulnerability Number

V-230564

Group Title

SRG-APP-000141

Rule Version

DTOO607

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Configure the policy value for User Configuration >> Administrative Templates >> OneDrive >> "Prevent users from synchronizing personal OneDrive accounts" to "Enabled".

Group policy files for OneDrive are located on a system with OneDrive in "%localappdata%\Microsoft\OneDrive\BuildNumber\adm\".

Copy the OneDrive.admx and .adml files to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

Check Contents

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Policies\Microsoft\OneDrive\

Value Name: DisablePersonalSync

Value Type: REG_DWORD
Value: 0x00000001 (1)

Vulnerability Number

V-230564

Documentable

False

Rule Version

DTOO607

Severity Override Guidance

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Policies\Microsoft\OneDrive\

Value Name: DisablePersonalSync

Value Type: REG_DWORD
Value: 0x00000001 (1)

Check Content Reference

M

Target Key

4015

Comments