When we are doing modern management of Windows 10 devices with AzureAD then sometimes we are missing the easy way from group policies preferences, but in Intune we have the Intune Management extension previous known as Project Sidecar. In basic it is just a way to run a powershell script on a Intune managed devices once.

To silently configure OneDrive for Business there is some pre-requirements

  • The device needs to be AzureAD joined or hybrid AzureAD joined
  • You need to run the latest version of OneDrive for business to ensure that it is working correctly
  • The user need a OneDrive for Business license

 

We only need to set to regkeys to get this working – but there is no native way of manipulation with the registre database in Windows – so we just do it with powershell.

The 3 regkeys we need to add is:

HKCU:\SOFTWARE\Microsoft\OneDrive\EnableADAL

This one will enable ADAL for OneDrive for business, this needs to be set in the user context.

HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\SilentAccountConfig

This one will enable Silent Account Configuration for OneDrive for business, this needs to be set in the computer context.

HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\FilesOnDemandEnabled

This one will enable files on demand – this will only work on Windows 10 1709, this needs to be set in the computer context.


In a Windows 10 devices that is AzureAD joined and Intune managed – the Intune Management Extension is the easy way to setup OneDrive for Business with Silent Account Configuration.

Start by creating two powershell scripts – one for the HKCU and one for the HKLM.

EnableADAL on Onedrive.ps1 :

$registryPath = "HKCU:\SOFTWARE\Microsoft\OneDrive"
$Name = "EnableADAL"
$value = "1"
IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null}
ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null}

 

and EnableAutoConfig on Onedrive.ps1 :

 $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"
$Name = "SilentAccountConfig"
$value = "1"
IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null}
ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null}
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"
$Name = "FilesOnDemandEnabled"
$value = "1"
IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null}
ELSE {
New-ItemProperty -Path $registryPath -Name $name -Value $value `
-PropertyType DWORD -Force | Out-Null} 

 

How to setup it up in Intune:

Start the Intune Portal in Azure – https://portal.azure.com

AutoConfigure OneDrive wiith Intune 01

  1. Click Device configuration
  2. Click PowerShell scripts
  3. Click Add

AutoConfigure OneDrive wiith Intune 02

  1. Name : OneDrive Enable ADAL
  2. Script location: Browse and import the “EnableADAL on Onedrive.ps1″ script
  3. Click Configure
  4. Click Run this script using the logged on credentials = Yes

AutoConfigure OneDrive wiith Intune 03

  1. Name : Onedrive – Enable AutoConfig
  2. Script location: Browse and import the “EnableAutoConfig on Onedrive.ps1” script


How does this look from the client side:

The user is logging in at the device first time after AzureAD join

User expirence 01

OneDrive for Business client is prompting the end user “You are now syncing” on this PC

User expirence 01a

Because File On-Demand is enabled OneDrive for Business is total silent configured

User expirence 01b

In OneDrive settings – Settings blade you can see that File On-Demand is enabled on this PC

User expirence 02b

In settings – account blade of the OneDrive for Business you can see that the logged on user to the Windows 10 Device is linked to this PC

User expirence 03.png


Read more at:

Use Group Policy to control OneDrive sync client settings

(Preview) Silently configure OneDrive using Windows 10 or domain credentials

Previews for Silent Sync Account Configuration and Bandwidth Throttling for OneDrive

Learn about OneDrive Files On-Demand