This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.
Hello everyone, Chris Vetter Customer Engineer at Microsoft. I am writing to talk about creating OneDrive for Business profiles with Microsoft Endpoint Manager Configuration Manager (MEMCM). Let us start with the why. Since more businesses are allowing remote work these days what better way to allow your workforce to access their files from any device when their files are synchronized with OneDrive for Business. This can also lower the dependency on the company provided devices and provide less data loss in the case of faulty hard drives or if a machine needs a refreshed image. By using OneDrive for Business Profiles, we also automatically synchronize the content of the known folders unlike when we use folder redirection. Why should we do this with MEMCM when we can just set it with Group Policy? Two reasons number one: If you are like most organizations your On-Premises Active Directory environment already has plenty GPO (Group Policy Objects) settings being applied which can cause things like long logon times and waiting for all the Group Policies to process and refresh. Number two: The path to fully Azure Active Directory joined environment is to move away from group policy and apply these settings with Microsoft Endpoint Manager being that is one dependency a lot of environments have on staying hybrid joined is that Azure Active Directory does not have group policy like On-Premises Active Directory. So let us begin!!
Create OneDrive for Business Profile
This feature was introduced into Configuration Manager with Current Branch 1902 so if you are not on at least CB (Current Branch). 1902 (You are in an unsupported state since 1902 is no longer supported) you will need to upgrade to the latest version of MEMCM Current Branch. See my blog post on how to do this here.
From the Assets and Compliance tab expand the Compliance Settings Folder and click on the OneDrive for Business Profiles Node. From the ribbon select Create OneDrive for Business Profile,
On the General Tab we name our Profile and give it a brief description then we select next, this brings up the Supported Platforms Tab Select any Operating systems you will be supporting in your environment then select next.
The next tab is the Known Folder Move Settings. You can select what will work best for your environment or create multiple Profiles with different settings if you have dissimilar needs for different users. You will also need to add your tenant ID for your M365 subscription which can be found by following this link,
Here is a brief explanation of the settings on this tab:
- Prompt users to move Windows known folders to OneDrive: With this option, the user sees a wizard to move their files. If they choose to postpone or decline moving their folders, OneDrive periodically reminds them.
- Silently move Windows known folders to OneDrive: When this policy applies to the device, the OneDrive client automatically redirects the known folders to OneDrive for Business.
- Show notification to users after folders have been redirected: If you enable this option, the OneDrive client notifies the user after it moves their folders.
- Prevent Users from redirecting their Windows known folders back to their PC: This disables the option for users to be able to move their folders back to being local on the device.
Select next to get to the Summary Tab then next again to begin the creation process. When you are finished select close.
Next, we will select our newly created Profile and deploy it to our desired device collection.
When the Deployment Wizard opens select your Device Collection you wish to target as well as if want an alert generated for non-compliance and the schedule in which you want this profile to evaluate.
From the Windows Client this looks like a Configuration Baseline in the Configuration Manager control panel applet.
The experience in my lab was delivered on the next log on and I saw my known folders were now redirected to my OneDrive section in File Explorer.
All screenshots and folder paths are from a non-production lab environment and can/will vary per environment. All processes and directions are of my own opinion and not of Microsoft and are from my years of experience with the configuration manager product in multiple customer environments.