Move Windows known folders to OneDrive using Intune

Moving (redirecting) the Windows known folders (Desktop, Documents, Pictures) to OneDrive is highly recommended for all users in any organization, especially if users do not have a dedicated device. It is also a best practice when users log on to Azure Virtual Desktop or work in a Citrix environment.

Once you configure and apply a policy to redirect and move windows known folders to OneDrive, users can access their files from any device. As the data is backed up to OneDrive, the data will be available even if the device crashes.

If you were previously using Folder Redirection configured through Active Directory Group Policy, you can easily migrate to the OneDrive KFM policy. It's a best practice to keep the OneDrive client installed on end-user devices updated to the most recent version.

OneDrive Intune Policies for Known Folders Move

We will configure the Intune policies below to set up Known Folder Move to OneDrive:

  • Prompt users to move Windows known folders to OneDrive
  • Silently move Windows known folders to OneDrive
  • Prevent users from redirecting their Windows known folders to their PC

Please note that “Prevent users from moving their Windows known folders to OneDrive” does not take effect if you’ve enabled “Prompt users to move Windows known folders to OneDrive” or “Silently move Windows known folders to OneDrive.” Therefore, we are not going to enable this setting.

Create Device Configuration Profile

  • Log in to the Microsoft Endpoint Manager admin center.
  • Click on Devices.
  • Click on Configuration Profiles.
  • Click on +Create Profile.
  • Select Platform: Windows 10 and later.
  • Profile type: Settings Catalog.
  • Click Create.

Basics Tab

  • Name: Onedrive KFM Policy
  • Description: This is a OneDrive Known Folder Move Policy which silently moves Windows known folders to Onedrive.

Configuration Tab

Click on + Add settings and find OneDrive under Browse by category.

Search for the 3 OneDrive policies below and enable them. You will need your Tenant ID while configuring this policy, so keep it handy in a notepad. You can get your Tenant ID from the Microsoft Azure portal by clicking on Azure Active Directory; it is shown under Basic information.

  • Prompt users to move Windows known folders to OneDrive
  • Silently move Windows known folders to OneDrive
  • Prevent users from redirecting their Windows known folders to their PC

Assignments Tab

You can add all users or all devices, or you can create an Azure AD security group that contains users or devices and use it to deploy this configuration profile. If you deploy this configuration profile to users, it will be deployed to all managed devices the user signs in to. If you deploy it to devices, it will apply to all users who sign in to that device. I have assigned this device configuration profile to All devices.

Review + Create

Review the device configuration profile and click on Create to create this profile.

The OneDrive Known Folder Move policy has been created and pushed to all Intune-managed devices. After the next Intune sync cycle completes, the OneDrive policies will be applied and Windows known folders like Desktop, Documents and Pictures will be automatically backed up to OneDrive. Users will also not be able to stop this redirection, because of the policy “Prevent users from redirecting their Windows known folders to their PC”.

End User Experience

We can now check one of the user devices and find out whether our device configuration profile has been successfully applied. Next, we will look into the other OneDrive policies which you should enable in your environment.

Prompt users to move Windows known folders to OneDrive

If you enable this setting, users may get a prompt on their screen to enable Windows known folder move (redirect). If they choose to ignore the pop-up, a message will be shown in the OneDrive application in the system tray.

You may not see the pop-up messages below if you have also enabled “Silently move Windows known folders to OneDrive”, because the folders will be redirected automatically in the background without user interaction and users will not need to click Start backup manually.

It is recommended to enable this setting as a fallback option in case there are any issues.

OneDrive Known Folder Move Prompt in system tray OneDrive application.

Silently move Windows known folders to OneDrive

If you enable this setting, Windows known folders will move without any user interaction. You can also enable a notification after the folders have been redirected.

Microsoft's recommendation is to use this setting along with “Prompt users to move Windows known folders to OneDrive”. This way, if the automatic known folder move does not work, users get a prompt to fix the errors and back up these folders.

Prevent users from redirecting their Windows known folders to their PC

This setting forces users to keep their Documents, Pictures, and Desktop folders directed to OneDrive. If you enable this setting, the “Stop protecting” button in the “Your IT department wants you to protect your important folders” window will be disabled and users will receive an error if they try to stop syncing a known folder. If you disable or do not configure this setting, users can choose to redirect their known folders back to their PC.

Where Tenant ID is stored in registry for OneDrive

Out of the 3 policies we configured for OneDrive Known Folder Move, 2 require the Tenant ID. Where is this Tenant ID stored on the end-user device? The Tenant ID is stored under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive registry key in the KFMOptInWithWizard registry entry.

OneDrive Tenant ID Location in Registry
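
To confirm on a device that the profile landed with the right tenant, the check below reads that policy key and compares each value with what the three policies should write. It is an added example, not part of the original post: Test-OneDriveKfmPolicy is a hypothetical helper, the tenant ID is a placeholder, and the value names KFMSilentOptIn and KFMBlockOptOut are assumed from Microsoft's OneDrive policy documentation (the post itself only names KFMOptInWithWizard).

```powershell
# Added example (not from the original post): verify the KFM policy values on a device.
function Test-OneDriveKfmPolicy {
    param(
        [Parameter(Mandatory)]
        [string]$ExpectedTenantId,
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    )

    if (-not (Test-Path -Path $KeyPath)) {
        Write-Warning "Policy key '$KeyPath' not found: the profile has not applied yet."
        return
    }
    $key = Get-Item -Path $KeyPath

    # Expected data per policy. Only KFMOptInWithWizard is named in the post;
    # the other two value names are assumed from Microsoft's OneDrive policy docs.
    $expected = [ordered]@{
        KFMOptInWithWizard = $ExpectedTenantId   # Prompt users to move ...
        KFMSilentOptIn     = $ExpectedTenantId   # Silently move ...
        KFMBlockOptOut     = '1'                 # Prevent users from redirecting ...
    }

    foreach ($name in $expected.Keys) {
        # GetValue returns $null when the registry entry does not exist.
        $actual = $key.GetValue($name, $null)

        if ($null -eq $actual)                  { $status = 'Missing' }
        elseif ("$actual" -eq $expected[$name]) { $status = 'OK' }
        else                                    { $status = 'Mismatch' }

        [pscustomobject]@{
            Value    = $name
            Expected = $expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

# Placeholder tenant ID: replace with the Tenant ID used in the Intune profile.
Test-OneDriveKfmPolicy -ExpectedTenantId '00000000-0000-0000-0000-000000000000' |
    Format-Table -AutoSize
```

A Mismatch on either tenant ID row usually means the ID was mistyped in the profile; Missing rows mean the device has not yet received the policy.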

Full List of OneDrive Policies available in Intune Settings Catalog

At the time of writing this blog post, the settings listed below are available in the OneDrive folder of the Settings Catalog in an Intune device configuration profile. You can find more details about each policy at https://docs.microsoft.com/en-us/onedrive/use-group-policy.

  1. Allow OneDrive to disable Windows permission inheritance in folders synced read-only
  2. Allow syncing OneDrive accounts for only specific organizations
  3. Allow users to choose how to handle Office file sync conflicts (User)
  4. Always use the user’s Windows display language when provisioning known folders in OneDrive
  5. Always use the user’s Windows display language when provisioning known folders in OneDrive (User)
  6. Block file downloads when users are low on disk space
  7. Block syncing OneDrive accounts for specific organizations
  8. Cause sync client to ignore normal web proxy detection logic
  9. Coauthor and share in Office desktop apps (User)
  10. Configure team site libraries to sync automatically
  11. Configure team site libraries to sync automatically (User)
  12. Continue syncing on metered networks (User)
  13. Continue syncing when devices have battery saver mode turned on (User)
  14. Convert synced team site files to online-only files
  15. Disable the tutorial that appears at the end of OneDrive Setup (User)
  16. Enable automatic upload bandwidth management for OneDrive
  17. Exclude specific kinds of files from being uploaded
  18. Hide the “Deleted files are removed everywhere” reminder
  19. Limit the sync app download speed to a fixed rate (User)
  20. Limit the sync app upload rate to a percentage of throughput
  21. Limit the sync app upload speed to a fixed rate (User)
  22. Prevent the sync app from generating network traffic until users sign in
  23. Prevent users from changing the location of their OneDrive folder (User)
  24. Prevent users from moving their Windows known folders to OneDrive
  25. Prevent users from redirecting their Windows known folders to their PC
  26. Prevent users from syncing libraries and folders shared from other organizations
  27. Prevent users from syncing personal OneDrive accounts (User)
  28. Prompt users to move Windows known folders to OneDrive
  29. Prompt users when they delete multiple OneDrive files on their local computer
  30. Require users to confirm large delete operations
  31. Set the default location for the OneDrive folder (User)
  32. Set the maximum size of a user’s OneDrive that can download automatically
  33. Set the sync app update ring
  34. Silently move Windows known folders to OneDrive
  35. Silently sign in users to the OneDrive sync app with their Windows credentials
  36. Specify SharePoint Server URL and organization name
  37. Specify the OneDrive location in a hybrid environment
  38. Sync Admin Reports
  39. Use OneDrive Files On-Demand
  40. Warn users who are low on disk space

Conclusion

In this blog post, we saw how to configure Windows known folder move to OneDrive. You can easily enable it by configuring a few settings. It also gives peace of mind to admins and users to know that their personal files are stored in OneDrive.

If the device they are working on stops working for some reason, they can simply log in on another device, and all the data in the Desktop, Documents and Pictures folders will sync back to the user's new device automatically when they sign in to OneDrive. There are a lot of other policies which we have not looked into. Explore the list and find out which policies will work best for your organization.