Windows Known Folders are Desktop, Documents, and Pictures. These are the most commonly used folders on a Windows device where users store their files. Syncing these folders to OneDrive ensures that files stored at these locations are backed up and accessible across multiple devices.
In this blog post, we will configure and test the OneDrive Known Folder Move (KFM) policy with Intune. You can simply enable the Silently move Windows known folders to OneDrive setting, which is available in the Settings catalog, to redirect known folders. However, Microsoft recommends enabling the two additional settings below as well, to support this policy.
- Prompt users to move Windows known folders to OneDrive
- Prevent users from redirecting their Windows known folders to their PC
About OneDrive KFM Policies
- Silently move Windows known folders to OneDrive – Use this setting to automatically move the Desktop, Documents, and Pictures folders (Windows known folders) to OneDrive without any user interaction. If you don’t want to move all the folders at once, you can pick which ones to move. There’s also another version of the same policy available in the Settings catalog that allows you to select individual folders (like Desktop, Documents, or Pictures) to redirect.
The screenshot below shows two versions of the same setting available in the Settings catalog. You can either go with the first option, which moves all Windows known folders to OneDrive silently, or with the second option, which lets you select the folders you want to move.
KFM (Known Folders Move) to OneDrive Registry Keys
After you enable the Silently move Windows known folders to OneDrive policy with notification settings turned on, it creates the two registry entries below on the target Windows device.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\KFMSilentOptIn=<tenant ID>
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\KFMSilentOptInWithNotification=dword:00000001
Registry keys created by enabling Silently move Windows known folders to OneDrive policy
- Prompt users to move Windows known folders to OneDrive – In case the silent OneDrive Known Folder Move (KFM) does not succeed, enabling this setting will show prompts on the user's screen to fix any issues and complete the process.
- Prevent users from redirecting their Windows known folders to their PC – This will prevent users from turning off Known Folder Move, ensuring that these folders remain redirected to OneDrive.
Let’s now configure these settings in the Intune admin center and deploy them to Windows 10/11 devices.
Create OneDrive KFM Policy on Intune admin center
- Sign in to the Intune admin center > Devices > Configuration > Create > New Policy.
- Select Platform: Windows 10 and later.
- Profile type: Settings Catalog.
- Click Create.
- On Basics tab, provide Name and Description of the Policy and click Next.
- Configuration Settings tab – Click on + Add settings and search using the keyword OneDrive.
- Select Silently move Windows known folders to OneDrive policy.
- Select Prompt users to move Windows known folders to OneDrive policy.
- Select Prevent users from redirecting their Windows known folders to their PC policy.
- To configure these policies, the Tenant ID is required. Go to Entra ID admin center > Identity > Overview and copy the Tenant ID value.
- Assignments tab – Select Add groups and add an Entra security group containing Windows 10/11 devices.
- Review + Create – Review the deployment and click on Create to start the deployment process.
End User Experience
Once the Known Folder Move (KFM) policy is successfully applied, the Desktop, Documents, and Pictures folders will be redirected to OneDrive. This means any content stored in these folders will automatically be backed up to OneDrive and can be accessed from multiple devices.
There are various ways to check and confirm if the KFM policy has been applied successfully. Let’s take a look.
1. Confirm the Status of KFM Policy Using OneDrive App
Let’s check the status of the known folders and confirm that they are now redirected to OneDrive.
- Right-click on OneDrive Icon in the system tray.
- Click on Settings Icon > Settings.
- Click Sync and backup and then click on Manage backup button.
- As you can see from the screenshot below, the Documents, Pictures and Desktop folders are backed up and the toggle switches to turn off the redirection are greyed out. This is because of the policy setting: Prevent users from redirecting their Windows known folders to their PC.
- Please note, if the Silent OneDrive KFM policy fails, users may see a message in the OneDrive app prompting them to manually back up their Desktop, Documents, and Pictures folders to OneDrive. Click on the button to proceed with the backup process.
2. Confirm the Status of KFM Policy Using Re-directed Folders
I believe this could be the easiest way to check and confirm if the Desktop, Documents or Pictures folders are pointing to OneDrive. Let’s take a look:
- Right-click on one of the redirected folders, e.g. Desktop > Click on Properties.
- Verify that the Location of the Desktop folder points to OneDrive.
3. Confirm the Status of KFM Policy Using Windows Registry
Another option to check and confirm the status of KFM policy is by using Windows registry editor. Let’s take a look:
- Press Win + R keys together to open the Run dialog box.
- Type regedit and press Enter to open the Registry editor.
- Browse to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\ and find the KFMSilentOptIn registry entry, which should be set to your organization's Tenant ID.
- Depending upon the OneDrive settings configured and deployed via Intune, you may see registry entries corresponding to those settings in this location as well.
- KFMOptInWithWizard – This registry entry will also be set to Tenant ID and is created as we enabled Prompt users to move Windows known folders to OneDrive policy.
- KFMBlockOptOut – This registry entry corresponds to the setting Prevent users from redirecting their Windows known folders to their PC.
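The folder-location check (method 2) and the registry check (method 3) can be combined into one script that reports pass or fail per item. This is an added example, not part of the original post; the function name Test-KfmState and the all-zero Tenant ID are placeholders, and the script assumes it runs as the signed-in user so that the known folders resolve to that user's profile.

```powershell
# Added example: audit OneDrive KFM policy values and known-folder locations.
# Test-KfmState is a hypothetical helper name; the Tenant ID below is a placeholder.
function Test-KfmState {
    param(
        [Parameter(Mandatory)] [string] $ExpectedTenantId,
        [string] $PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    )

    # A missing key means the policy never reached this device; keep going so
    # every check is reported as failed instead of throwing.
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue

    # Tenant ID strings for the opt-in values, DWORD 1 for the flag values.
    $expected = [ordered]@{
        KFMSilentOptIn                 = $ExpectedTenantId
        KFMSilentOptInWithNotification = 1
        KFMOptInWithWizard             = $ExpectedTenantId
        KFMBlockOptOut                 = 1
    }
    foreach ($name in $expected.Keys) {
        $actual = if ($policy) { $policy.$name } else { $null }
        [pscustomobject]@{
            Check    = "Registry: $name"
            Expected = $expected[$name]
            Actual   = $actual
            Pass     = ("$actual" -eq "$($expected[$name])")  # case-insensitive
        }
    }

    # The OneDrive sync app exposes its sync root in these environment variables.
    $root = if ($env:OneDriveCommercial) { $env:OneDriveCommercial } else { $env:OneDrive }
    foreach ($folder in 'Desktop', 'MyDocuments', 'MyPictures') {
        $path = [Environment]::GetFolderPath($folder)
        [pscustomobject]@{
            Check    = "Folder: $folder"
            Expected = "under $root"
            Actual   = $path
            Pass     = ([bool]$root -and
                        $path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase))
        }
    }
}

# Replace the placeholder with the Tenant ID copied from the Entra admin center.
Test-KfmState -ExpectedTenantId '00000000-0000-0000-0000-000000000000' |
    Format-Table -AutoSize
```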
4. Confirm the Status of KFM Policy Using Event viewer
Let’s check and confirm the status of the KFM policy by using Event Viewer:
- Press Windows Key + R to open the Run dialog box.
- Type eventvwr and press Enter to open Event Viewer.
- Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.
- Right-click on the Admin folder and filter the events using Event ID 814 or 813. Go through the filtered events to find the logs related to the deployment.
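The same Event Viewer filter can be run from PowerShell, which is easier to repeat across several devices. This is an added example, not part of the original post; the function name Get-KfmPolicyEvent is hypothetical, and the 'OneDrive|KFM' match pattern is an assumption about how these settings show up in the event message text.

```powershell
# Added example: list recent MDM policy events (ID 813/814) that mention OneDrive or KFM.
# Get-KfmPolicyEvent is a hypothetical helper name.
function Get-KfmPolicyEvent {
    param([int] $Days = 7)

    $filter = @{
        # Channel behind the Event Viewer path used in the steps above.
        LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Id        = 813, 814
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    # Assumption: the OneDrive settings are recognisable by name in the message text.
    $events |
        Where-Object { $_.Message -match 'OneDrive|KFM' } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message
}

Get-KfmPolicyEvent -Days 7 | Format-List
```

An empty result means no matching event was logged in the chosen window, so widen -Days or confirm that the device has synced with Intune.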
Other Recommended OneDrive Policies
- Silently sign in users to the OneDrive sync app with their Windows credentials – Search for this setting in the Settings catalog and enable it. This will allow users to automatically sign in to OneDrive without entering their credentials. Refer to this link for more details:
- Use OneDrive Files On-Demand – Enabling this setting will save storage space on users' devices and also save network bandwidth. After this setting is enabled, by default, file content will not be downloaded to users' computers until the user opens it.
List of OneDrive Policies Available in the Settings Catalog
Below is the list of OneDrive settings available in the Intune admin center Settings catalog. For more information about these settings, please refer to the link: Use OneDrive policies to control sync settings.
Other OneDrive Policies in Settings Catalog |
---|
Allow OneDrive to disable Windows permission inheritance in folders synced read-only |
Allow users to choose how to handle Office file sync conflicts (User) |
Allow users to contact Microsoft for feedback and support |
Always use the user’s Windows display language when provisioning known folders in OneDrive |
Always use the user’s Windows display language when provisioning known folders in OneDrive (User) |
Block file downloads when users are low on disk space |
Block syncing OneDrive accounts for specific organizations |
Cause sync client to ignore normal web proxy detection logic |
Coauthor and share in Office desktop apps (User) |
Configure team site libraries to sync automatically |
Configure team site libraries to sync automatically (User) |
Continue syncing on metered networks (User) |
Continue syncing when devices have battery saver mode turned on (User) |
Convert synced team site files to online-only files |
Disable animation that appears during OneDrive Setup (User) |
Disable silently sign in users to the OneDrive sync app with an existing credential that is made available to Microsoft applications |
Disable the tutorial that appears at the end of OneDrive Setup (User) |
Enable automatic upload bandwidth management for OneDrive |
Enable sync health reporting for OneDrive |
Exclude specific kinds of files from being uploaded |
Hide the “Deleted files are removed everywhere” reminder |
Limit the sync app download speed to a fixed rate (User) |
Limit the sync app upload rate to a percentage of throughput |
Limit the sync app upload speed to a fixed rate (User) |
Prevent the sync app from generating network traffic until users sign in |
Prevent users from changing the location of their OneDrive folder (User) |
Prevent users from moving their Windows known folders to OneDrive |
Prevent users from redirecting their Windows known folders to their PC |
Prevent users from syncing libraries and folders shared from other organizations |
Prevent users from syncing personal OneDrive accounts (User) |
Prompt users to move Windows known folders to OneDrive |
Prompt users when they delete multiple OneDrive files on their local computer |
Require users to confirm large delete operations |
Set the default location for the OneDrive folder (User) |
Set the maximum size of a user’s OneDrive that can download automatically |
Set the sync app update ring |
Silently move Windows known folders to OneDrive |
Silently sign in users to the OneDrive sync app with their Windows credentials |
Specify SharePoint Server URL and organization name |
Specify the OneDrive location in a hybrid environment |
Use OneDrive Files On-Demand |
Warn users who are low on disk space |