We in the early stages of migrating our on-prem files to SP. I’m assuming that staff will want to sync SP to their personal computer since i don’t have the budget to buy them laptops in addition to their office computers. The obvious question is what happens when they quit. They’ll still have files on their home computer. i do trust them to do the right thing when they leave staff but i just wanted to figure out policies before we make the cut-over.
I found this support post to be helpful https://support.office.com/en-us/article/remove-a-former-employee-from-office-365-44d96212-4d90-4027-9aa9-a95eddb367d1
There is not a way to remove downloaded copies of files from personal devices. To completely protect your data, you would need to prevent them from downloading to unauthorized devices, which should be in the admin console settings.
This is perfect. thank you
To deal with this situation properly you would need to look at Information Rights Management. IRM SharePoint lists are now supported in the OneDrive for Business Sync Tool: https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-sync-on-Windows-now-supports-IRM-protected-SharePoint/ba-p/146796
If the documents are NOT IRM protected then there’s nothing you can do about it once a user has them on their own computer.
Excellent resource. thank you
By default, there isn’t any way to block access to files that did get locally synced, but as I recall, you can have some control over BYOD Windows data access if you are using Azure AD/Intune and they use the Windows 10 “Access work or School” feature, but it’s been a while since I tried that. View the BYOD and “Connecting to MDM on a desktop” sections. One thing you might want to explore as well is “Microsoft Azure Information Protection” which includes the agent for Sharepoint IRM and RMS that Ronnie Mentioned.
I’ll check it out. thanks