OneDrive has gained a foothold in most companies. It makes sense to use because of the 1TB available storage (based on the right licenses) and the ability to have a sort of “Backup” for your desktop, documents, and pictures.
In a given Microsoft Intune setup it is also standard to create policies to setup known folder redirection which now changed name to PC folder backup – read more here.
When it comes to setup these policies we used to go to the “Administrative templates” which looks like the ADMX (GPO structure) we used to use in our on-prem environment. Now the good news and what this blog post is about is how to set up OneDrive settings using Settings Catalog which is the better choice for reporting.
- Microsoft Intune
Setup the most common OneDrive settings
Go to endpoint manager
Press devices and windows
Press Configuration profiles and create profile
Choose Windows 10 and later, Settings catalog (preview) and press create
Give it a name and press next
Press add settings
To be sure we get the settings for the platform we like to manage, you first filter for that.
Next write “Onedrive”
Choose setting accordingly.
You need to find out with your organization if your users are allowed to add other organizations. If not, then configure this setting. (value will be shown later in this post)
We were recently given the possibility to exclude certain file types from synchronizing to OneDrive. I like to stop synchronizing shortcut files as they fill up my desktop.
Who want to allow personal OneDrive on a company owned device? Not me, so I configure this setting as well among others (see screenshot)
1. I prevent OneDrive to be setup with any other tenant than my company tenant.
2. I exclude *.lnk which is link files (Shortcuts) so they do not upload and sync to my other devices.
3. I prevent OneDrive from syncing with personally owned OneDrive accounts.
4. Setup a update ring for updating OneDrive on the clients.
5. I want OneDrive to automatically move desktop, documents, and pictures to OneDrive for backup reasons. Fits better into my strategy to quickly be able to work on a new device.
6. I want to silently sign in users to the OneDrive with their Windows credentials. If you enable this setting, users who are signed in on the PC with the primary Windows account can set up the sync app without entering the credentials for the account.
7. Sync Admin report let me see OneDrive healthy status on the OneDrive Sync health center.
8. On-demand to save bandwidth in case your users has a lot data in OneDrive, then only meta data is downloaded, and finally fully downloaded once the user click on the file.
Assign the profile. I do that to all users. You might need to differentiate who get it, then use a groups or filters.
Create the policy
If you head back to the Configuration Profile and click the new OneDrive policy you will immediate see the difference from Administrative templates to the settings catalog reporting.
If you click the “Per setting status”
You can see a per setting status, and it is called “Compliant” instead of the usual “Succeeded”
Using settings catalog is a great thing as we get more and more policies enabled. Does it make sense to migrate your old settings? It depends. What would you like to benefit out of it? The settings from “Administrative templates” does the job, but if you like the smooth reporting, go ahead and create those settings for OneDrive now available in the Settings Catalog.
Another cool thing is to keep an eye on your OneDrive health sync portal, to give critical information to your users, in a situation where they shift device or other scenarios where files are stuck.
OneDrive health center can be found here
For more content on the health portal, see this video:
Cutting Edge Microsoft OneDrive Insight Capabilities explained – YouTube