When OneDrive for Business stops syncing or shows an error, you need to know whether the problem is a network issue or a policy block set by your IT department. Network errors come from poor connectivity, proxy misconfigurations, or firewall rules that interrupt the connection to Microsoft 365. Policy blocks are restrictions applied by your organization through group policies or the OneDrive admin center that prevent certain files, folders, or sync behaviors. This article explains how to identify the difference by reading error messages, checking the sync activity log, and verifying tenant-level settings.
You will learn the specific error codes and log entries that point to network failures versus policy restrictions. You will also see how to test your connection using built-in Windows tools and how to confirm which policies are active on your device. By the end, you will have a clear method to diagnose the root cause without guessing or contacting IT unnecessarily.
Key Takeaways: Diagnosing OneDrive Sync Errors
- OneDrive Settings > Sync and backup > View errors: Opens the sync activity center where error codes and messages appear for each file or folder.
- OneDrive Settings > Sync and backup > Advanced settings > Pause syncing: Use this to test if a temporary network disruption is the cause versus a persistent policy block.
- Microsoft 365 admin center > Settings > OneDrive > Sync: Controls tenant-wide sync restrictions, file type blocking, and Known Folder Move behavior.
Why Network Errors and Policy Blocks Look Similar
OneDrive for Business uses HTTPS to communicate with Microsoft 365 servers. When the connection fails, the client shows a generic error message such as “We can’t sync this file” or “Sync is paused”. These same messages can appear when a group policy blocks syncing of certain file types, disables Known Folder Move, or restricts sync to specific device platforms. The error text alone rarely tells you whether the issue is on the network side or the policy side.
The root cause differs in both cases. Network errors occur at the transport layer: DNS resolution fails, TCP handshakes time out, TLS certificates are invalid, or proxy authentication is required. Policy blocks happen at the application layer: the OneDrive client receives a configuration directive from the server that prohibits the requested action. The client then refuses to proceed even if the network path is perfectly healthy.
To separate the two, you must examine error codes, log files, and test connectivity independently. The following sections provide the exact steps to perform this diagnosis.
Steps to Identify Network Errors vs Policy Blocks
Method 1: Check the OneDrive Sync Activity Log
- Open OneDrive settings
Right-click the OneDrive cloud icon in the system tray and select Settings. If the icon is hidden, click the Show hidden icons arrow first. - Navigate to the Sync and backup tab
In the OneDrive settings window, click Sync and backup on the left panel. Then click View errors under the Sync status section. - Read the error code and description
The sync activity center lists each file or folder with a status. Look for error codes such as 0x8004def5 or 0x8004def7 which indicate network authentication failures. A policy block typically shows a message like “This file type is blocked by your organization” or “Sync of this folder is restricted” without a numeric code. - Check the date and time of the error
Network errors often occur in bursts during connectivity drops. Policy blocks appear consistently on the same files or folders every sync cycle.
Method 2: Test Network Connectivity Directly
- Run a basic connectivity test
Open Command Prompt as administrator and runping outlook.office365.com -n 10. If all packets are lost, the network path to Microsoft 365 is blocked. - Test HTTPS connectivity
RunTest-NetConnection outlook.office365.com -Port 443in PowerShell. A result of TcpTestSucceeded: False indicates a firewall or proxy is blocking port 443. - Check proxy settings
Open Windows Settings > Network & internet > Proxy. Ensure the proxy server address and port are correct. If your organization uses automatic proxy detection, verify that the script URL is reachable. - Test with a different network
If possible, connect to a mobile hotspot or a different Wi-Fi network. If OneDrive syncs normally on the alternate network, the original network has a connectivity issue.
Method 3: Verify Active Policies on Your Device
- Open the OneDrive policy registry key
Press Windows + R, typeregedit, and press Enter. Navigate toHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive. If this key exists, group policies are applied. - Check specific policy values
Look for values like DisableFileSyncNGSC, DisableKnownFolderMove, or BlockTenantList. A DWORD value of 1 means the policy is enabled and blocking the corresponding feature. - Review local group policy
Open Local Group Policy Editor by typinggpedit.mscin the Run dialog. Navigate to Computer Configuration > Administrative Templates > OneDrive. Policies set to Enabled with restrictions will show here. - Check the OneDrive admin center
If you have admin privileges, go to the Microsoft 365 admin center > Settings > OneDrive > Sync. Review the Sync restrictions and File type blocking sections. These settings apply to all users in the tenant.
If OneDrive Still Shows Mixed Symptoms
OneDrive Sync Pauses Intermittently
Intermittent pauses often indicate a network problem, not a policy block. OneDrive automatically pauses sync when it detects high latency or packet loss. To confirm, open the sync activity log and look for “Sync paused due to network issues” messages. Run a continuous ping to outlook.office365.com for 60 seconds and watch for timeouts. If you see packet loss above 5 percent, the network is the culprit.
OneDrive Shows “This file can’t be synced” for All Files in a Folder
When every file in a folder fails with the same message, a policy block is likely. Check the folder path: if the folder is inside a library that has sync restrictions enabled, the entire library will fail. Go to the OneDrive admin center > Settings > OneDrive > Sync and see if any folders or libraries are explicitly excluded. Also check the registry key HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1 for a value named MountPoint — if it points to a redirected folder, the policy may be blocking that redirection.
OneDrive Error Code 0x8004def5 Appears
Error code 0x8004def5 means the OneDrive client cannot authenticate with Microsoft 365. This is a network authentication failure, not a policy block. The issue is usually a missing or expired token. Open Credential Manager in Windows, go to Windows Credentials, and remove any entries under MicrosoftOffice16_Data:ADAL:. Then restart OneDrive. If the error persists, run dsregcmd /status in Command Prompt and verify that the device is Azure AD joined. A non-joined device will fail authentication.
Network Error vs Policy Block: Key Differences
| Indicator | Network Error | Policy Block |
|---|---|---|
| Error code | Numeric code like 0x8004def5 or 0x8004def7 | Descriptive text like “blocked by your organization” |
| Affected scope | All files or intermittent across files | Specific file types, folders, or features |
| Consistency | Varies with network conditions | Persistent across sync cycles |
| Testing method | Ping, TcpTest, alternate network | Registry check, GPEdit, admin center |
| Resolution | Fix proxy, firewall, or DNS | Contact IT to modify policy |
Conclusion
You can now separate network errors from policy blocks in OneDrive for Business by examining error codes, testing connectivity with ping and TcpTest, and verifying group policies in the registry and admin center. Start with the sync activity log to see the exact error message, then run a network test to rule out transport issues. If the network is healthy, check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive for enabled restrictions. For future reference, use the OneDrive admin center > Settings > OneDrive > Sync page to review tenant-wide policies before troubleshooting individual devices.