Sunday, December 8, 2024
IntuneWindows

Maximise your OneDrive: Recommended Profile Settings via Intune

Hello again, today’s topic is a practical one: how to deploy OneDrive profile settings using Microsoft Intune. This blog post aims to guide you through the process of setting up OneDrive on Windows devices in a way that’s both secure and user-friendly, complete with visual aids whenever possible. With Intune, you’ll be able to configure OneDrive’s Known Folder Move silently, ensuring a seamless user experience.

We’ll also discuss useful tips to maximise performance, like preventing OneDrive downloads when disk space is below 1500 MiB and avoiding the syncing of duplicate desktop shortcuts—especially helpful for those who transition between multiple devices. While this guide serves as a starting point, feel free to tailor the OneDrive settings via Intune to meet your specific needs.

Just give me the JSON file

Okay, okay, here’s the JSON file containing all of the settings listed in this blog post, remember to update it to match your tenant ID, you can use this script to upload the settings catalog profile into your tenant or import it via new settings catalogue option.

Prerequisites

You need a tiny bit of information before you proceed, gather your tenant ID and ensure that your tenant association key for the OneDrive sync reports is present.

Tenant ID

To gather this, go to your Entra admin console, on the overview page, your tenant ID will be listed, save this for later.

Tenant association key

Browse to the following location, ensure that a tenant association key is present, you do not need the key, just make sure it’s generated.

Verify the settings

I assume at this point you have managed to import the settings catalog policy, I personally name the profile PROD – Win11 – Catalog – Device – OneDrive, you should have the following:

Breaking down the deployed settings

Let’s get into some of the detail and why I tend to use the settings listed above.

SettingValueDescription
Allow syncing OneDrive accounts for only specific organizationsEnabled – Enter in your tenant ID(s).Obviously, a good idea, for security purposes we do not want to sync unauthorised organisations OneDrive accounts.
Block file downloads when users are low on disk spaceEnabled – Minimum available disk space – 2000 MiBLet’s not kill an overloaded drive! 🙂
Convert synced team site files to online-only filesEnabledTo save disk space, some libraries can be huge!
Disable the tutorial that appears at the end of OneDrive Setup (User)EnabledNo need, we have a notification for when known folder move occurs.
Enable sync health reporting for OneDriveEnabledTo view health status of the OneDrive sync client and gather data insights.
Exclude specific kinds of files from being uploadedEnabled – keywords:

*.lnk
*.pst
*.url
*.exe
*.msi
*.appx
Three things here,
.PST’s aren’t supported.
Do we really need installation files from syncing using up disk space?
Prevent shortcuts from syncing, this stops multiple shortcuts from appearing on the desktop (remember the Teams \ Edge issue?)
Hide the “Deleted files are removed everywhere” reminderEnabledA little intrusive I find.
Prevent users from redirecting their Windows known folders to their PCEnabledLets keep things sync’d via OneDrive and not undo our configurations.
Prevent users from syncing libraries and folders shared from other organizationsEnabledFor security purposes, data leakage.
Prevent users from syncing personal OneDrive accounts (User)EnabledFor security purposes, data leakage.
Prompt users when they delete multiple OneDrive files on their local computerEnabled – Number of files = 50Prefer this notification over the files are deleted everywhere reminder are each individual file deletion, less intrusive.
Require users to confirm large delete operationsEnabledAs above.
Set the sync app update ringEnabled – ProductionGood middle ground for broad use, obviously can create other profiles for Insider and Deferred rings, if needed.
Silently move Windows known folders to OneDriveEnabled –
Desktop, Documents, Pictures = True
Show notification to users after folders have been redirected: (Device) = Yes
Tenant ID.
This is setting that enables KFM, use this over the legacy setting of the same name, it will not have options for desktop, documents and pictures. Produce a prompt to inform users that this change has occured.
Silently sign in users to the OneDrive sync app with their Windows credentialsEnabledEssentially, SSO into OneDrive. (Be vary of MFA requirements if not using Windows Hello).
Use OneDrive Files On-DemandEnabledReduce disk space on devices. Download when needed (Tip, use Storage Spaces to convert back to online mode after period of time).
Warn users who are low on disk spaceEnabled – 5000 MiBWarn the user before this impacts the useability of the device.

OneDrive Admin Reports

As a side note, this is the kind of information you can gather when syncing OneDrive admin accounts, you gather this information from https://config.office.com using the tenant association key.

Until next time, happy OneDriving! 😊

2 thoughts on “Maximise your OneDrive: Recommended Profile Settings via Intune

  • Nice guide! Do you apply this to user or device groups? Which one is preferred?

    Reply
    • Hey, thank you. There’s no real answer here, it’s what’s best for you, do you want the profile to follow computers or follow users? For me, I prefer deploying to devices for things like this as it’s the same policies regardless of who logs on.

      Reply

Leave a Reply...