Local storage still feels familiar to many organizations. Putting files on the C drive for a moment, working without the Internet, everything at your fingertips. Until something goes wrong. A laptop gets lost, an employee leaves or ransomware strikes. That’s when it becomes clear how vulnerable local storage actually is.
Microsoft is therefore increasingly pushing for cloud-first working. A recent step in this direction is a new policy within Microsoft 365 that allows you to enforce that new Office files are only stored in the cloud. A logical development, but one with clear conditions and restrictions.
It sounds appealing, but it doesn’t work for everyone. And certainly not with every Microsoft license.
What exactly is new?
Microsoft has added a new policy setting for Word, Excel and PowerPoint on Windows called Restrict saving on non-cloud locations. This policy allows IT to determine that when saving new files, users see only cloud locations, such as OneDrive and SharePoint.
Importantly, this setting only affects the creation of new files. Existing local files remain just openable and editable. It also does not change existing permissions or data. It is purely about standardizing where new files end up.
Its purpose is clear. Microsoft wants files to be centrally stored, more secure and easier to share and manage.
Why local storage on laptops remains a risk
In many organizations, laptop use has exploded in recent years. Employees work at home, on the road or with clients. Files are stored locally because it’s fast and familiar. The only problem is that local files are often out of IT’s sight.
They are not always included in backups, are difficult to protect and easily disappear when a device becomes unavailable. In addition, multiple versions of the same document quickly arise, making collaboration unnecessarily complicated.
These are not exceptions. In practice, we see this in many SME organizations, often without real awareness.
What will change in practice?
Without this policy, users decide where to store files. Data becomes scattered across laptops, desktops and network drives, making backup and compliance difficult to enforce.
With Restrict saving on non-cloud locations enabled, that behavior changes. New files are automatically saved to the cloud. Data is centralized, more secure, and version control and collaboration work as Microsoft intended.
On paper, this sounds like a no-brainer. In practice, the nuance is mostly in licensing and technical prerequisites.
This only works with Microsoft 365 Enterprise licenses
This is a crucial point that is often overlooked. The policy Restrict saving on non-cloud locations is only fully supported within Microsoft 365 Apps for Enterprise.
If you use Microsoft 365 Business Premium, then this policy does not work as described above. This is not an error or bug, but a deliberate choice by Microsoft. For Business licenses, Microsoft supports only a limited set of Office policies through the Cloud Policy Service. Advanced policies that enforce storage behavior are reserved for Enterprise licenses.
In practice, this means you don’t see or can’t apply the policy and cloud-only storage is simply not enforceable. Expectation and reality often diverge here, which frequently leads to confusion.
Technical requirements often underestimated
Even with the right license, this policy only works if your environment is technically up-to-date. That point is regularly underestimated.
The policy can be deployed via Group Policy, Cloud Policy Service or via registry settings, but is only available if you meet the following conditions. You are using Microsoft 365 Apps for Enterprise on Windows, the Office Administrative Template files are at least version 5516.1000, and the Office apps are running at least version 2506 (build 19029.2000) or higher.
If you are working with older Office versions or delayed update channels, this functionality is simply not yet available.
Why this is especially relevant for organizations with many laptop users
Especially organizations where laptops are the standard run into these challenges. Think consultants, sales departments, project organizations and SMEs where flexibility is important.
The more freedom users have in where they store files, the more likely it is that data will be scattered. Cloud-only storage then is not a technical measure, but a way to provide structure without complicating the work process.
How do you determine if you are ready for this?
A good reality check is to take a critical look at your current Microsoft 365 environment. Are you actually using Microsoft 365 Apps for Enterprise? Is OneDrive configured for known folders by default? Have SharePoint permissions been cleaned up and is Microsoft 365 data backed up? And perhaps most importantly, is communication to users prepared?
If you have to answer no to several of these questions, it is wise to start there before considering this policy.
Practical background information
For those who want to figure it out technically, here are a few relevant resources. The latest Office ADMX files can be download from Microsoft. In addition, Microsoft describes in its documentation of the Cloud Policy Service exactly which policies are supported and under which licenses.
The registry setting that activates the cloud-only save mode creates a DWORD value EnableCloudOnlySaveAsMode with value 1 under HKEY_CURRENT_USER_SOFTWARE under HKEY_CURRENT_USER_SOFTWARE.
Are you unsure if this fits your organization?
Not every organization needs to implement this today. The important thing is to know what the options are, what licenses you are using and where your current risks are.
Do you doubt whether this option suits your organization or do you want to know whether your environment is technically and functionally ready for it? Then it is wise to look at this together first before making choices that will have to be reversed later.