Silently Move Known Folders to Onedrive using Intune

Windows Known Folders are Desktop, Documents, and Pictures. These are the most commonly used folders on a windows device where users store their files. Syncing these folders to onedrive ensures that files stored at these locations are backed up and accessible across multiple devices.

In this blog post, we will configure and test Onedrive Known Folder Move (KFM) policy with Intune. You an simply enable Silently move Windows known folders to OneDrive setting is available in the Settings catalog to redirect known folders. However, Microsoft recommends enabling below two additional settings as well, to support this policy.

  • Prompt users to move Windows known folders to OneDrive
  • Prevent users from redirecting their Windows known folders to their PC

About Onedrive KFM Policies

  • Silently move Windows known folders to OneDrive – Use this setting to automatically move Desktop, Documents, and Pictures folders (windows known folders) to OneDrive without any user interaction. If you don’t want to move all the folders at once, you can pick which ones to move. There’s also another version of the same policy available in the settings catalog that allows you select individual folders (like Desktop, Documents, or Pictures) to redirect.

Below screenshot shows two versions of the same setting available in the settings catalog. You can either go with the first option which will move all windows known folders to onedrive silently. Second option is to select the folders you want to move.

Silently move Windows known folders to OneDrive policy in Settings Catalog
Silently move Windows known folders to OneDrive policy in Settings Catalog

KFM (Known Folders Move) to OneDrive Registry Keys

After you enable Silently move Windows known folders to OneDrive policy with notification settings turned on. It will create below two registry entries on the target windows device.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\KFMSilentOptIn=<tenant ID>

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\KFMSilentOptInWithNotification=dword:00000001

Registry keys created by enabling Silently move Windows known folders to OneDrive policy

  • Prompt users to move Windows known folders to OneDrive – Just in case the Silent Onedrive Known folder move (KFM) does not succeed, enabling this setting will provide prompts on the users screen to fix any issues and complete this process.
  • Prevent users from redirecting their Windows known folders to their PC – This will prevent users from turning off Known folders move ensuing that these folders remain redirected to Onedrive.

Let’s now configure these settings on Intune admin center and deploy it on Windows 10/11 devices.

Create Onedrive KFM Policy on Intune admin center

  • Sign in to the Intune admin center > Devices Configuration Create > New Policy.
  • Select Platform: Windows 10 and later.
  • Profile type: Settings Catalog.
  • Click Create.
  • On Basics tab, provide Name and Description of the Policy and click Next.
  • Configuration Settings tab – Click on + Add settings and search using the keyword Onedrive.
    • Select Silently move Windows known folders to OneDrive policy.
    • Select Prompt users to move Windows known folders to OneDrive policy
    • Select Prevent users from redirecting their Windows known folders to their PC policy.
Create Onedrive KFM Policy on Intune admin center
Create Onedrive KFM Policy on Intune admin center
Prompt users to move Windows known folders to OneDrive policy in settings catalog
Prompt users to move Windows known folders to OneDrive policy in settings catalog
  • To configure these policy, Tenant ID is required. Go to Entra ID admin center > Identity > Overview and copy Tenant ID value.
Copy Tenant ID of your organization from Entra admin center
Copy Tenant ID of your organization from Entra admin center
Configure Onedrive KFM Policy settings on Intune
Configure Onedrive KFM Policy settings on Intune
  • Assignments tab – Select Add groups and add an Entra security group containing Windows 10/11 devices.
  • Review + Create – Review the deployment and click on Create to start the deployment process.

End User Experience

Once the Known Folder Move (KFM) policy is successfully applied, the Desktop, Documents, and Pictures folders will be redirected to OneDrive. This means any content stored in these folders will automatically be backed up to OneDrive and can be accessed from multiple devices.

There are various ways to check and confirm if the KFM policy has been applied successfully. Let’s take a look.

1. Confirm the Status of KFM Policy Using OneDrive App

Let’s check the status of Known folders and confirm if they are now redirected to Onedrive.

  • Right-click on OneDrive Icon in the system tray.
  • Click on Settings Icon > Settings.
Onedrive App - Settings
Onedrive App > Settings
  • Click Sync and backup and then click on Manage backup button.
Sync and backup > click on Manage backup button
Sync and backup > click on Manage backup button
  • As you can see from below screenshot, Documents, Pictures and Desktop folders are backed up and the toggle switches to turn off the re-direction are greyed out. This is because of the policy setting: Prevent users from redirecting their Windows known folders to their PC.
Ensure that Documents, Pictures and Desktop toggle switch is On and greyed out
  • Please note, if the Silent OneDrive KFM policy fails, users may see a message in the OneDrive app prompting them to manually back up their Desktop, Documents, and Pictures folders to OneDrive. Click on the button to proceed with the backup process.
Manually Sync Known folders to Onedrive
Manually Sync Known folders to Onedrive

2. Confirm the Status of KFM Policy Using Re-directed Folders

I believe this could be the easiest way to check and confirm if desktop, documents or pictures folder are pointing to Onedrive. Let’s take a look:

  • Right-click on one of the re-directed folder e.g. Desktop > Click on Properties.
  • Verify the Location of the desktop which is pointing to Onedrive.
Confirm the Status of KFM Policy Using Re-directed Folders
Confirm the Status of KFM Policy Using Re-directed Folders

3. Confirm the Status of KFM Policy Using Windows Registry

Another option to check and confirm the status of KFM policy is by using Windows registry editor. Let’s take a look:

  • Press Win + R keys together to open the Run dialog box.
  • Type regedit and press Enter to open the Registry editor.
  • Browse to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\ and find KFMSilentOptIn reg entry which should be set to your organization Tenant ID.
  • Depending upon the Onedrive settings configured and deployed via Intune. You may registry entries corresponding to those settings as well in this location.
    • KFMOptInWithWizard – This registry entry will also be set to Tenant ID and is created as we enabled Prompt users to move Windows known folders to OneDrive policy.
    • KFMBlockOptOut – This registry entry is corresponding to the setting Prevent users from redirecting their Windows known folders to their PC.

4. Confirm the Status of KFM Policy Using Event viewer

Let’s check and confirm the status of KFM policy is by using Event viewer:

  • Press Windows Key + R to open the Run dialog box.
  • Type eventvwr and press Enter to open Event Viewer.
  • Navigate to Application and Services logs > Microsoft Windows DeviceManagement– Enterprise-Diagnostics-Provider > Admin.
  • Right-click on Admin folder and Filter the events using Event ID 814 or 813. Go through the filtered events to find the logs related to the deployment.
Confirm the Status of KFM Policy Using Event viewer
Confirm the Status of KFM Policy Using Event viewer
  • Silently sign in users to the OneDrive sync app with their Windows credentials – Search for this setting in the Settings catalog and Enable it. This will allow users to automatically sign in to Onedrive without entering their credentials. Refer to this link for more details:
  • Use OneDrive Files On-Demand – Enabling this setting will save storage space on users devices and also save network bandwidth. After this setting is enabled, by default file content will be not be downloaded on users computers, until user will open’s it.

List of OneDrive Policies Available in the Settings Catalog

Please find the list of Onedrive settings available on intune admin center settings catalog. For more information about these settings, please refer to the link: Use OneDrive policies to control sync settings.

Other OneDrive Policies in Settings Catalog
Allow OneDrive to disable Windows permission inheritance in folders synced read-only
Allow users to choose how to handle Office file sync conflicts (User)
Allow users to contact Microsoft for feedback and support
Always use the user’s Windows display language when provisioning known folders in OneDrive
Always use the user’s Windows display language when provisioning known folders in OneDrive (User)
Block file downloads when users are low on disk space
Block syncing OneDrive accounts for specific organizations
Cause sync client to ignore normal web proxy detection logic
Coauthor and share in Office desktop apps (User)
Configure team site libraries to sync automatically
Configure team site libraries to sync automatically (User)
Continue syncing on metered networks (User)
Continue syncing when devices have battery saver mode turned on (User)
Convert synced team site files to online-only files
Disable animation that appears during OneDrive Setup (User)
Disable silently sign in users to the OneDrive sync app with an existing credential that is made available to Microsoft applications
Disable the tutorial that appears at the end of OneDrive Setup (User)
Enable automatic upload bandwidth management for OneDrive
Enable sync health reporting for OneDrive
Exclude specific kinds of files from being uploaded
Hide the “Deleted files are removed everywhere” reminder
Limit the sync app download speed to a fixed rate (User)
Limit the sync app upload rate to a percentage of throughput
Limit the sync app upload speed to a fixed rate (User)
Prevent the sync app from generating network traffic until users sign in
Prevent users from changing the location of their OneDrive folder (User)
Prevent users from moving their Windows known folders to OneDrive
Prevent users from redirecting their Windows known folders to their PC
Prevent users from syncing libraries and folders shared from other organizations
Prevent users from syncing personal OneDrive accounts (User)
Prompt users to move Windows known folders to OneDrive
Prompt users when they delete multiple OneDrive files on their local computer
Require users to confirm large delete operations
Set the default location for the OneDrive folder (User)
Set the maximum size of a user’s OneDrive that can download automatically
Set the sync app update ring
Silently move Windows known folders to OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials
Specify SharePoint Server URL and organization name
Specify the OneDrive location in a hybrid environment
Use OneDrive Files On-Demand
Warn users who are low on disk space

Leave a Comment