This post will describe how to deploy a policy via Intune to automatically sync known folders to OneDrive in our endpoints.
In the modern workplace era almost everything is saved in the cloud. OneDrive provides users (always depending on the plan) enough space to save their files and access them from any device. As administrators, a good practice is to ensure that the most frequent location where users save their files are automatically saved into OneDrive. That way their most important files would be saved and safe from unwanted events (e.g. computer problems etc.) and moreover the transition to a new device can be performed easily.
Delving into the above, Microsoft uses the term Known folders for the most important folders a user has. These folders refer to:
- the Documents folder
- the Desktop folder and
- the Pictures folder
By using OneDrive and defining the appropriate configurations we can redirect and move Windows known folders to OneDrive. This configurations can be found also under the code name OneDrive KFM (Known Folder Move). The benefits of doing that are shown below:
- Automatic Backup: Automatic backup of important user folders, including Desktop, Documents, and Pictures. This ensures that these crucial files are backed up without any manual effort on your part.
- Data Protection and Easy Recovery: We can safeguard the users’ files against data loss due to hardware failures, accidental deletion, or device damage. The backup copies stored in OneDrive act as an additional layer of protection for the data. Moreover, in the event of a system crash or device replacement, Known Folder in OneDrive simplifies the recovery process.
- Cross-Device Syncing: OneDrive allows users to access their backed-up files from multiple devices. Known Folder in OneDrive ensures that changes made to files in the synced folders are reflected across all devices, making it easy to work seamlessly and have the latest version of your files wherever you go.
- Version History: OneDrive maintains version history for the files, allowing users to revert to previous versions if needed. This can be particularly useful if they accidentally overwrite or delete important content.
- OneDrive Web Access: Users can still retrieve and work with your files through the OneDrive web interface. Known Folder Backup ensures that their files are securely stored and accessible via the cloud, providing flexibility and convenience.
To achieve the automatic synchronization of known folders in OneDrive through Intune we can use a configuration profile to define the desired behavior.
Let’s explore below how we can configure and deploy this policy.
First head to Intune Portal and create a new configuration profile.
Select Settings catalog as our profile type and give a name and a description to your profile.
Now click settings and search (or scroll to) OneDrive.
Here we can find many settings regarding OneDrive. These vary from general OneDrive configurations to more specific ones, like the one we want to deploy. We are going to select the setting “Silently move Windows known folders to OneDrive” and “Silently sign in users to the OneDrive sync app with their Windows credentials:.
With the first setting we are basically enabling the known folder redirection to OneDrive and with the second setting we are automatically sign in users to OneDrive to offer the best possible user experience regarding OneDrive.
As you can see in the image below we have to add out Tenant ID in this policy. To find your tenant ID go to the Azure Active Directory front page and get it from there.
Assign the policy to either a user or device group (check this post to find more about dynamic groups) and create it. A tip here is that instead of providing a specific user or device group for this policy you can also try to deploy it to All Users or All Devices. Every organization has its own needs and cases so plan well before assigning this policy. In this example we assign the policy to all of our Windows devices.
After the policy is created, wait for your devices to sync with the Intune service and receive the policy. The policy on the endpoint will bring the known folders under the OneDrive icon in file explorer.
References and documentation: