Microsoft Endpoint Manager – Configuration policies for OneDrive

In the previous blog I introduced configuration policies in Intune. In this blog I want to show you Administrative Templates and how to use them to configure OneDrive for Business.

OneDrive for Business is a standard in most companies for managing and sharing corporate data, so I hope this example will be useful for you. The experience with Administrative Templates is very similar to working with Active Directory GPOs; it is like creating a GPO policy from the Intune console.

So let's start. Go to Devices > Configuration profiles and click Create profile. Choose:

Platform: Windows 10 and later

Profile type: Templates

Template name: Administrative Template

And press Create. Provide a name for your profile:

And click Next.

On the next wizard page, in the Computer configuration section, click on OneDrive:

As I mentioned above, it looks very similar to “classic” GPOs:

The first setting I want to configure is Use OneDrive Files On-Demand. I want to keep all the files in the cloud instead of synchronizing all of them to every computer I log in to. Files I open will be synchronized on demand. To configure this setting, you can scroll down and go to the second page, or you can find the setting by name.

Click on the setting and choose Enabled:

Again, this experience is very similar to GPO: you see the name of the setting, its description and options like Enabled, Disabled or Not Configured. For some settings you can enable them and also configure values, which I will show you later in this blog.

Click OK.

To configure the next setting we need a Tenant ID. Open the Azure console, go to Azure Active Directory > Properties and copy the Tenant ID:

The next setting I want to configure prevents users from adding OneDrive for Business accounts from other organizations. Click on the Allow syncing OneDrive accounts for only specific organizations setting, enable it, paste the Tenant ID and click OK:

In a similar way I want to configure the next settings:

  • Prevent users from syncing libraries and folders shared from other organizations: Disabled;
  • Prompt users to move Windows known folders to OneDrive: Disabled;
  • Require users to confirm large delete operations: Disabled;
  • Prevent users from redirecting their Windows known folders to their PC: Enabled;
  • Silently sign in users to the OneDrive sync app with their Windows credentials: Enabled.

I also want to silently redirect known user folders like Desktop, Pictures and Documents from the computer to OneDrive. Click on the Silently move Windows known folders to OneDrive (2.0) setting, enable it, check your preconfigured Tenant ID and the folders you want to redirect, and click OK. In my case I want to notify users when the process has finished successfully, so I enable Show notifications to users after folders have been redirected as well:

The last setting I want to configure is updates for OneDrive. I don’t want to apply new features in preview mode, but I want to deploy them as soon as they are available, so my choice is the Production update ring. To enable that, open the Set the sync app update ring setting and enable it:

Then click OK.

You can sort by State and see which settings we have configured:

Check it again and then press Next. On the Scope tab page press Next again.

On the Assignments page click Add groups, choose an Azure AD security group and click Select:

At the end, click Next and Create.
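
Once the profile has reached a device, you can confirm that the settings above were actually applied. The following script is an added example, not part of the original post: it assumes the policies are written under HKLM\SOFTWARE\Policies\Microsoft\OneDrive with the value names and data Microsoft documents for the OneDrive sync policies (check them against your sync client version), and the tenant ID shown is a placeholder.

```powershell
# Added example (not from the original post): audit OneDrive policy values on a client.
param([string]$TenantId = '00000000-0000-0000-0000-000000000000')  # placeholder tenant ID

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'  # assumed policy location

function Get-PolicyValue([string]$Name) {
    # Returns the value data, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $base -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Result($Setting, $Expected, $Actual, [bool]$Compliant) {
    [pscustomobject]@{ Setting = $Setting; Expected = $Expected; Actual = $Actual; Compliant = $Compliant }
}

# Settings the profile enables, with the data each value should carry.
$enabled = [ordered]@{
    FilesOnDemandEnabled           = 1          # Use OneDrive Files On-Demand
    KFMBlockOptOut                 = 1          # Prevent redirecting known folders back to the PC
    SilentAccountConfig            = 1          # Silently sign in with Windows credentials
    KFMSilentOptIn                 = $TenantId  # Silently move Windows known folders
    KFMSilentOptInWithNotification = 1          # Notify users after redirection
    GPOSetUpdateRing               = 5          # Production update ring
}
# Settings the profile disables: treated as compliant when absent or 0.
$disabled = 'BlockExternalSync', 'KFMOptInWithWizard', 'ForcedLocalMassDeleteDetection'

$results = @()
foreach ($name in $enabled.Keys) {
    $actual = Get-PolicyValue $name
    $results += New-Result $name $enabled[$name] $actual ("$actual" -eq "$($enabled[$name])")
}
foreach ($name in $disabled) {
    $actual = Get-PolicyValue $name
    $results += New-Result $name 'absent or 0' $actual (($null -eq $actual) -or ("$actual" -eq '0'))
}

# The tenant allow list is a subkey whose value names are the permitted tenant IDs.
$allowKey = Get-Item -Path "$base\AllowTenantList" -ErrorAction SilentlyContinue
$tenants  = if ($allowKey) { @($allowKey.GetValueNames()) } else { @() }
$onlyOurs = ($tenants.Count -eq 1) -and ($tenants[0] -eq $TenantId)
$results += New-Result 'AllowTenantList' $TenantId ($tenants -join ',') $onlyOurs

$results | Format-Table -AutoSize
```

Run it from an elevated or standard PowerShell session on a device in the assigned group; any row with Compliant set to False points to a setting that has not been delivered or carries a different value, for example an allow list that contains more tenants than your own.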

Happy deployment!


