OneDrive Admin Report Shows Unknown Device Names

When you generate a OneDrive admin report in the Microsoft 365 admin center, you may see device names that you do not recognize. This can happen when users sync files from personal devices, shared computers, or devices with generic hostnames assigned by your network. This article explains why unknown device names appear in your OneDrive admin reports and how to identify which user or session they belong to.

Unknown device names often come from devices that are not joined to your domain, devices that use randomized network names, or virtual machine sessions that were not properly configured. The OneDrive sync app reports the device name that Windows provides through its system settings. If a device uses a default name like DESKTOP-ABC123, that name will appear in the report.

This article will show you how to review and filter the device activity report, how to correlate device names with user sign-in logs, and how to set policies that help you identify or block unknown devices in the future.

Why Unknown Device Names Appear in OneDrive Admin Reports

The OneDrive sync app reports the device name that Windows uses internally. This name is stored in the computer’s system properties. When a device is not joined to your organization’s Active Directory or Azure AD, the name may be a generic string assigned by the manufacturer or by a previous user. Common patterns include DESKTOP-XXXXX, LAPTOP-XXXXX, or WIN-XXXXX.

There are three main sources of unknown device names:

Personal devices used for work

Users often sync OneDrive on their personal laptops or home desktops. These devices are not managed by your IT department. Their device names are set by the user or by the operating system during installation. You cannot easily tell who owns the device from the name alone.

Shared computers and kiosk machines

Devices in conference rooms, labs, or hot-desking areas may have generic names. Multiple users sign in to the same device over time. The OneDrive admin report shows the device name, not the user who synced on that device at a specific time.

Virtual machines and temporary instances

Virtual machines created from templates often inherit a randomized name. Developers, testers, or contractors may spin up VMs for short-term work. These names appear in the report even after the VM is deleted, because the sync record remains until the device is manually removed from the user’s OneDrive settings.

How to Identify the User Behind an Unknown Device Name

You can use the Microsoft 365 admin center and Azure Active Directory sign-in logs to map a device name to a specific user and session. Follow these steps:

1. Open the OneDrive device activity report
   Go to the Microsoft 365 admin center. Select Reports > Usage > OneDrive. Click the Device activity tab. You will see a table with columns for Device name, Last sync, and Files viewed or edited. Note the unknown device name.
2. Copy the device name and the time range
   Write down the exact device name and the date and time of the last sync. You will use this information to search sign-in logs.
3. Open Azure AD sign-in logs
   In the Microsoft 365 admin center, go to Identity > Users > Sign-in logs. Alternatively, go directly to the Azure portal and select Azure Active Directory > Sign-in logs.
4. Filter by date and device name
   Set the date range to include the last sync time from the OneDrive report. In the filter bar, add a filter for Device name. Type the unknown device name. The logs will show all sign-in attempts from that device, including the user principal name, IP address, and operating system.
5. Review the user details
   Click any sign-in entry to see the full details. The User field shows the user who signed in. The Device info section shows the operating system and browser. If the device is managed, the Compliant and Managed fields will show Yes.

If the device name does not appear in sign-in logs, the device may have synced OneDrive without a full Azure AD sign-in. This can happen when the user previously signed in to OneDrive on that device and the sync continues silently. In that case, check the user’s My devices page in their Microsoft account settings.

How to Block or Restrict Unknown Devices from Syncing OneDrive

You can configure OneDrive sync policies to allow only domain-joined or compliant devices. This prevents unknown devices from syncing company data.

1. Open the OneDrive admin center
   Go to the Microsoft 365 admin center. Select Settings > Org settings > OneDrive. Alternatively, go directly to https://admin.onedrive.com.
2. Select Device access
   In the left navigation, click Sync. Scroll down to Device access. This section controls which devices can sync OneDrive files.
3. Restrict sync to domain-joined devices
   Select Allow syncing only on PCs joined to specific domains. Enter your organization’s domain names. This setting blocks all devices that are not joined to your on-premises Active Directory or Azure AD.
4. Restrict sync to compliant devices
   If you use Microsoft Intune or mobile device management, select Allow syncing only on compliant devices. This requires devices to meet your compliance policies before they can sync.
5. Save the policy
   Click Save. The changes take effect within 30 minutes. Existing sync sessions on blocked devices will stop after the next sync cycle.

Note that these policies apply to new sync attempts. Devices that are already syncing will continue until the user signs out or the sync token expires. To force a stop, you can remove the device from the user’s OneDrive settings using the OneDrive admin center.

If Device Names Still Appear After Applying Policies

OneDrive shows a device that was already removed from Azure AD

When a device is removed from Azure AD, its existing OneDrive sync tokens may remain active for up to 14 days. The device name will still appear in the admin report during that period. To remove it immediately, go to the user’s OneDrive settings in the admin center. Select the user, click Devices, and remove the unknown device.

The device name is a generic name like DESKTOP-XXXXX

This is the default name Windows assigns when a device is not renamed during setup. You cannot change the name in the report retroactively. To reduce confusion, instruct users to rename their devices to a recognizable format. You can enforce a naming convention through Group Policy or Intune configuration profiles.

A user syncs OneDrive from a personal phone or tablet

OneDrive mobile apps report the device name as the phone model or a custom name set by the user. These devices appear in the same admin report. To block mobile devices, use the device access policy and select Allow syncing only on PCs. This excludes phones and tablets.

OneDrive Device Report vs Azure AD Device List: Key Differences

Item	OneDrive Device Activity Report	Azure AD Device List
Purpose	Shows which devices have synced OneDrive files recently	Shows all devices registered or joined to Azure AD
Data source	OneDrive sync client telemetry	Azure AD registration and join records
Device name source	Windows system name or mobile device name	Device name from Azure AD registration
User association	Shows the user who owns the OneDrive account	Shows the registered owner or last sign-in user
Filter options	Date range, device name, activity type	OS, compliance status, join type, owner
Retention	Up to 180 days of activity	Until device is deleted or stale for 180 days

You now have the tools to find the user behind an unknown device name and restrict future sync from unmanaged devices. Start by checking the Azure AD sign-in logs for the device name. Then apply the device access policy in the OneDrive admin center to allow only domain-joined or compliant devices. For an extra layer of control, use Conditional Access policies to require a compliant device for all OneDrive access.