New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting Site-to-Zone policy will remove SharePoint Online Trusted sites additions by default #63535
Comments
@ChrisAtMAF I'll be closing this one since it looks like the article linked to the other question is more relevant to what you're asking. |
Hey @JamesTran-MSFT - both articles reference setting the 'Site-to-Zone' setting via Group Policy (to different ends) so they probably both need updating since it will be a side-effect of either process. But can discuss in the other article first if you like. |
@ChrisAtMAF |
@ChrisAtMAF |
Thanks. You can see that the OneDrive client attempts to add these files automatically on client computers by checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com[tenantname]-files and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com[tenantname]-myfiles on any device. The main experience that I remember seeing is if you try to open a OneDrive file on your desktop from the OneDrive file, the computer pops up a security warning without these keys set. I also believe we saw some hangs and slowdowns as a result, Here's another page that indicates some of these entries require putting in for smooth running: https://docs.microsoft.com/en-us/sharepoint/troubleshoot/lists-and-libraries/troubleshoot-issues-using-open-with-explorer Hope we can get this sorted! |
This github issue needs to be re-opened with SharePoint. The issue doesn't appear to be with single sign-on. #please-close |
We experienced a number of issues with SharePoint Online / OneDrive integration after making these changes. It turns out that the OneDrive client adds the following sites to the 'Trusted' security zone in Internet Explorer on a computer by default, but these default entries are 'overridden' when setting Site to Zone via Group Policy:
https://[tenantname]-files.sharepoint.com -> 2 (Trusted Sites)
https://[tenantname]-myfiles.sharepoint.com -> 2 (Trusted Sites)
Without those settings we experienced various hangs in OneDrive and issues with the new Office file collaboration settings with OneDrive Sync.
According to these pages, it is best practice to have these entries added. Therefore if you are recommending users to configure the Site to Zone policy when using Office 365, you should advise them to add these entries as well
https://support.office.com/en-US/client/results?Shownav=true&lcid=1033&version=15&omkt=en-US&ver=15&HelpID=O365E_AppLTrustedSites
https://techcommunity.microsoft.com/t5/sharepoint/adding-the-sharepoint-online-url-to-the-trusted-site-zones-in-ie/m-p/140590/highlight/true#M12753
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: