BIO 09.04.02 ISO A.12.3.1

OneDrive: Known Folder Move (Desktop/Documents/Pictures)

πŸ“… 2025-10-30
β€’
⏱️ 3 minuten lezen
β€’
🟒 Should-Have

πŸ’Ό Management Samenvatting

Known Folder Move (KFM) is automatische OneDrive sync voor Desktop/Documents/Pictures folders - backup + ransomware recovery.

Aanbeveling
IMPLEMENT
Risico zonder
Medium
Risk Score
5/10
Implementatie
15u (tech: 5u)
Van toepassing op:
βœ“ OneDrive voor Business

KFM Voordelen: Ransomware recovery: Cloud backup is restore point (version history), Device loss: gegevenstoegangible van enige device, nul user action: Transparent redirect (C:\Users\Username\Documents β†’ OneDrive), Compliance: Centralized data is DLP/retentiebeleid.

Implementatie

Known Folder Move: Desktop, Documents, Pictures β†’ OneDrive, automatische sync (transparent), User: no behavior change, Admin: centralized backup.

Vereisten

  1. OneDrive sync client
  2. Windows 10+
  3. Sufficient OneDrive opslag
  4. Intune of GPO

Implementatie

Gebruik PowerShell-script known-folder-move.ps1 (functie Invoke-Implementation) – Implementeren.

Intune Settings Catalog: OneDrive β†’ Silently move Windows known folders to OneDrive: ingeschakeld (Desktop, Documents, Pictures).

Compliance en Auditing

BIO 09.04 (Backup), AVG Art. 32 (gegevensbescherming), ISO 27001 A.12.3.1.

Monitoring

Gebruik PowerShell-script known-folder-move.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script known-folder-move.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
<# ================================================================================ POWERSHELL SCRIPT - Nederlandse Baseline voor Veilige Cloud ================================================================================ .SYNOPSIS OneDrive: Known Folder Move (Desktop/Documents/Pictures) .DESCRIPTION Implementeert, monitort en herstelt: OneDrive: Known Folder Move (Desktop/Documents/Pictures) .NOTES Filename: known-folder-move.ps1 Author: Nederlandse Baseline voor Veilige Cloud Version: 1.0 Workload: office Category: onedrive #> #Requires -Version 5.1 [CmdletBinding()] param() $ErrorActionPreference = 'Stop' function Invoke-Implementation { <# .SYNOPSIS Implementeert de configuratie #> [CmdletBinding()] param() Write-Host "[INFO] Invoke-Implementation - OneDrive: Known Folder Move (Desktop/Documents/Pictures)" -ForegroundColor Cyan Invoke-Remediation } function Invoke-Monitoring { <# .SYNOPSIS Controleert de huidige configuratie status #> [CmdletBinding()] param() try { Write-Host " ========================================" -ForegroundColor Cyan Write-Host "OneDrive: Known Folder Move (Desktop/Documents/Pictures) - Monitoring" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan # TODO: Implementeer monitoring logica voor OneDrive: Known Folder Move (Desktop/Documents/Pictures) Write-Host "[INFO] Monitoring check voor OneDrive: Known Folder Move (Desktop/Documents/Pictures)" -ForegroundColor Yellow Write-Host "[OK] Monitoring check completed" -ForegroundColor Green } catch { Write-Error "Monitoring failed: $_" throw } } function Invoke-Remediation { <# .SYNOPSIS Herstelt de configuratie naar de gewenste staat #> [CmdletBinding()] param() try { Write-Host " ========================================" -ForegroundColor Cyan Write-Host "OneDrive: Known Folder Move (Desktop/Documents/Pictures) - Remediation" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan # TODO: Implementeer remediation logica voor OneDrive: Known Folder Move (Desktop/Documents/Pictures) Write-Host "[INFO] Remediation voor OneDrive: Known Folder Move (Desktop/Documents/Pictures)" -ForegroundColor Yellow Write-Host "[OK] Remediation completed" -ForegroundColor Green } catch { Write-Error "Remediation failed: $_" throw } }

Risico zonder implementatie

Risico zonder implementatie
Medium: Medium: Local gegevensverlies bij ransomware/device theft.

Management Samenvatting

Schakel in OneDrive Known Folder Move. automatische backup Desktop/Documents/Pictures. Ransomware recovery. Implementatie: 5-15 uur.