For administrators who manage ChromeOS devices for a business or school.
Azure application / Data transfer and storage
It has come to our attention that some organizations have incorrectly assumed that the authorization in Azure grants Google server-side services access to your users' data in OneDrive, beyond just authorizing the endpoints to make Microsoft OneDrive available.
For clarity: The app implements the Microsoft Graph API that enables access to Microsoft Cloud service resources. On ChromeOS, we use our fileSystemProvider API to introduce Microsoft OneDrive into the Files app as a virtual filesystem. In effect, this implementation makes the actual Microsoft OneDrive accessible on the device—There is no user data on Google servers or Google Cloud Platform (GCP) in the entire process.
No OneDrive data is copied to the device, unless the user manually copies it themselves.
Personal Chromebook / Personal account
Permissions are specific to the account. A user on a personal Chromebook signing in with a personal Google account can only access their personal data.
Microsoft’s domain confirmation dialog is skipped
For organizations who use a third-party IdP as SAML SSO provider instead of Microsoft Entra ID
As part of the automated OneDrive integration with a third-party IdP, users don't see Microsoft’s Domain Confirmation Dialog—As long as the domain on the dialog matches the domain that you provided for the Microsoft OneDrive integration setting (MicrosoftOneDriveAccountRestrictions policy). If the domain does not match, the automated integration will fail and the user needs to set up OneDrive manually. For information about the Domain Confirmation Dialog, go to Microsoft's documentation.
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.