Microsoft Endpoint Manager – Configuration policies for OneDrive

In the previous blog I introduced configuration policies in Intune. In this blog I want to show you Administrative Templates and how to use them to configure OneDrive for Business.

OneDrive for Business is a standard in most companies for managing and sharing corporate data, so I hope this example will be useful for you. The experience with Administrative Templates is very similar to working with Active Directory GPOs; it is like creating a GPO from the Intune console.

So let's start. Go to Devices > Configuration profiles and click Create profile. Choose:

  • Platform: Windows 10 and later
  • Profile type: Templates
  • Template name: Administrative Template

And press Create. Provide a name for your profile:

And click Next.

On the next wizard page, in the Computer configuration section, click OneDrive:

As I mentioned above, it looks very similar to “classic” GPOs:

The first setting I want to configure is Use OneDrive Files On-Demand. I want to keep all the files in the cloud instead of synchronizing all of them to every computer I log in to. Files I open will be synchronized on demand. To configure this setting, you can scroll down and go to the second page, or you can find the setting by name.

Click on the setting and choose Enabled:

Again, this experience is very similar to GPO: you see the name of the setting, a description, and options like Enabled, Disabled or Not Configured. Some settings, once enabled, also let you configure values, which I will show you later in this blog.

Click OK.

To configure the next setting we need the Tenant ID. Open the Azure console, go to Azure Active Directory > Properties and copy the Tenant ID:

The next setting I want to configure prevents users from adding OneDrive for Business accounts from other organizations. Click on the Allow syncing OneDrive accounts for only specific organizations setting, enable it, paste the Tenant ID and click OK:

In a similar way, I want to configure the following settings:

  • Prevent users from syncing libraries and folders shared from other organizations: Disabled;
  • Prompt users to move Windows known folders to OneDrive: Disabled;
  • Require users to confirm large delete operations: Disabled;
  • Prevent users from redirecting their Windows known folders to their PC: Enabled;
  • Silently sign in users to the OneDrive sync app with their Windows credentials: Enabled.

I also want to silently redirect known user folders like Desktop, Pictures and Documents from the computer to OneDrive. Click on the Silently move Windows known folders to OneDrive (2.0) setting, enable it, check your preconfigured Tenant ID and the folders you want to redirect, and click OK. In my case I want to notify users when the process has finished successfully, so I enable Show notifications to users after folders have been redirected as well:

The last setting I want to configure is updates for OneDrive. I don’t want to apply new features in preview mode, but I want to deploy them as soon as they are available, so my choice is the Production update ring. To do that, open the Set the sync app update ring setting and enable it:

Then click OK.

You can sort by State and see which settings we have configured:

Check it again and then press Next. On the Scope tab page press Next again.

On the Assignments page click Add groups, choose an Azure AD security group and click Select:

At the end, click Next and Create.
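
To check on an assigned device that the profile has landed, the registry values behind these settings can be compared with what was configured. The script below is an added example, not part of the original post; the value names under HKLM\SOFTWARE\Policies\Microsoft\OneDrive are taken from Microsoft's OneDrive sync policy reference (an assumption, since the post does not list them), and the tenant ID is a placeholder.

```powershell
# Added example: audit the OneDrive policy values on a Windows device after
# the Intune profile from this walkthrough has applied.
$TenantId = '00000000-0000-0000-0000-000000000000'   # placeholder: your Tenant ID
$Base     = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

# Expected values for the settings set to Enabled in the walkthrough.
# Value names are assumptions from Microsoft's OneDrive policy reference.
$Expected = [ordered]@{
    FilesOnDemandEnabled           = 1          # Use OneDrive Files On-Demand
    SilentAccountConfig            = 1          # Silently sign in users
    KFMSilentOptIn                 = $TenantId  # Silently move known folders
    KFMSilentOptInWithNotification = 1          # Notify users after redirection
    KFMBlockOptOut                 = 1          # Block redirecting folders back to the PC
    GPOSetUpdateRing               = 5          # 5 = Production ring
}

$policy = Get-ItemProperty -Path $Base -ErrorAction SilentlyContinue

$results = foreach ($name in $Expected.Keys) {
    $actual = if ($policy) { $policy.$name } else { $null }
    [pscustomobject]@{
        Setting  = $name
        Expected = $Expected[$name]
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Ok       = ("$actual" -eq "$($Expected[$name])")
    }
}

# The tenant allow-list is a subkey whose value names are the permitted tenant IDs.
# Any extra tenant here would let accounts from another organization sync.
$allowKey = Get-Item -Path "$Base\AllowTenantList" -ErrorAction SilentlyContinue
$allowed  = if ($allowKey) { @($allowKey.GetValueNames()) } else { @() }
$extra    = @($allowed | Where-Object { $_ -ne $TenantId })
$results += [pscustomobject]@{
    Setting  = 'AllowTenantList'
    Expected = $TenantId
    Actual   = if ($allowed) { $allowed -join ', ' } else { '<not set>' }
    Ok       = ($allowed -contains $TenantId) -and ($extra.Count -eq 0)
}

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Warning 'One or more OneDrive policy values differ from the profile.'
}
```

A row showing `<not set>` shortly after assignment usually means the device has not yet synced the profile.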

Happy deployment!

Ievgen Liashov
