For years we have been waiting to get OneDrive for Business Known Folder Move (KFM) into Windows, and now it is finally here. What is KFM? It can move the end user's private data folders from the profile to OneDrive for Business. In my opinion the end user should not have to choose whether to use this feature or not, so I will show how to configure it without any end-user interaction. This does not mean that it is not possible to give the end user another experience.
In this blog post I will show how to enable it with Intune via PowerShell, like I did in a previous blog post on “How to silently configure OneDrive for Business with Intune”.
First you need to find your AzureAD tenant ID:
Start the AzureAD Admin Center : https://aad.portal.azure.com
- Click on Azure Active Directory
- Click Properties
- Click copy after the Directory ID – save the ID for later use.
Then we need to create the PowerShell Script with the information we need to apply the settings.
Note: Remember to replace the TenantID placeholder (the value of KFMSilentOptIn) with the Directory ID you saved.

```powershell
# All KFM settings live under the machine-wide OneDrive policy key
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"

# Create the policy key if it does not exist yet
if (!(Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
}

# Prevent users from moving their known folders to OneDrive themselves
$Name = "KFMBlockOptIn"
$value = "1"
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType DWORD -Force | Out-Null

# Silently redirect the known folders to OneDrive for this tenant
$Name = "KFMSilentOptIn"
$value = "TenantID"   # replace with your Directory ID
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType String -Force | Out-Null

# Do not show a notification to the user after the silent redirect
$Name = "KFMSilentOptInWithNotification"
$value = "0"
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType DWORD -Force | Out-Null

# Prevent users from redirecting their known folders back to their PC
$Name = "KFMBlockOptOut"
$value = "1"
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType DWORD -Force | Out-Null
```
Download the script from GitHub
Where did we get the registry values from?
The new policy file can be found at %localappdata%\Microsoft\OneDrive\18.116.0610.0002\adm
OneDrive.admx and OneDrive.adml
Enable the policy “Prevent users from moving their Windows known folder to OneDrive” and select “Leave them” under options
Enable the policy “Prevent users from redirecting their Windows known folder to their PC”
Enable the policy “Silent redirect Windows known folder to OneDrive”
Set the TenantID
All of the values you need are then in the registry.
How to deploy the PowerShell script with Intune:
Start the device Management Portal at https://devicemanagement.portal.azure.com
- Click Device Configuration
- Click PowerShell Scripts
- Click Add
- Enter a Name : OneDrive – Enable KFM
- Enter a Description : This script will automatically enable OneDrive KFM on Windows
- Click to upload the PowerShell Script
Then assign the script to a group of users and test the new feature
What does it look like from an end user perspective:
First of all, the end user's OneDrive version has to be at least 2018 Build 18.116.0610.0002. I have seen that even if OneDrive has been updated for one user on the device, user number 2 can have a different OneDrive version, and therefore KFM will not work for that user.
OneDrive will get a new blade called “Auto Save” when KFM is enabled.
The known Windows folders will get the OneDrive sync icon
The known Windows folders will show up in OneDrive
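A read-back check for the settings described above, as an added example that is not part of the original post or its GitHub script. `Test-KfmPolicy` is a hypothetical helper name, and the `OneDrive.exe` location under `%localappdata%` is an assumption based on the per-user install path the post mentions.

```powershell
# Added example: Test-KfmPolicy is a hypothetical helper, not part of the post's script.
function Test-KfmPolicy {
    param(
        [hashtable]$Policy,                       # value name -> data read from the policy key
        [string]$OneDriveVersion,                 # the signed-in user's client version
        [string]$MinVersion = '18.116.0610.0002'  # minimum build stated in the post
    )
    $findings = @()
    # DWORD values and the data the deployment script writes for each
    $expected = [ordered]@{ KFMBlockOptIn = 1; KFMSilentOptInWithNotification = 0; KFMBlockOptOut = 1 }
    foreach ($name in $expected.Keys) {
        if (-not $Policy.ContainsKey($name)) { $findings += "$name is missing" }
        elseif ([int]$Policy[$name] -ne $expected[$name]) {
            $findings += "$name is $($Policy[$name]), expected $($expected[$name])"
        }
    }
    # KFMSilentOptIn must be a real tenant GUID, not the literal placeholder "TenantID"
    $tenant = [string]$Policy['KFMSilentOptIn']
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($tenant, [ref]$guid)) {
        $findings += "KFMSilentOptIn '$tenant' is not a GUID"
    }
    # OneDrive installs per user, so a second user can still be on an older build
    $ver = $null
    if (-not [version]::TryParse($OneDriveVersion, [ref]$ver)) { $findings += 'OneDrive version unknown' }
    elseif ($ver -lt [version]$MinVersion) { $findings += "OneDrive $OneDriveVersion is older than $MinVersion" }
    return ,$findings
}

# Live check: read the policy key and the current user's OneDrive.exe version
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
$live = @{}
if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    foreach ($n in 'KFMBlockOptIn', 'KFMSilentOptIn', 'KFMSilentOptInWithNotification', 'KFMBlockOptOut') {
        $p = $props.PSObject.Properties[$n]
        if ($p) { $live[$n] = $p.Value }
    }
}
$exe = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive\OneDrive.exe'  # assumed per-user install path
$cur = if (Test-Path $exe) { (Get-Item $exe).VersionInfo.FileVersion } else { '' }
Test-KfmPolicy -Policy $live -OneDriveVersion $cur

# Constructed sample: placeholder never replaced, client older than the minimum build
$sample = @{ KFMBlockOptIn = 1; KFMSilentOptIn = 'TenantID'; KFMSilentOptInWithNotification = 0; KFMBlockOptOut = 1 }
Test-KfmPolicy -Policy $sample -OneDriveVersion '18.091.0506.0007'
```

Run it as the signed-in user rather than as SYSTEM, since `%LOCALAPPDATA%` and the OneDrive client are per user. An empty result means every check passed.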
Happy deployment
Read more at :
Migrate Your Files to OneDrive Easily with Known Folder Move
Do the timestamps for the files/folders persist, or are they updated to the date and time the folders are redirected?
Hi
The PowerShell script doesn’t work with hybrid Azure AD joined 😦
Any other way to deploy it with Intune?
Thanks
No, the PowerShell script is only working on AzureAD joined devices.
If your device is hybrid AD joined you can just use GPO or GPP.
Hi. My GPO has been changed and my client has been updated to version 18.116.0610.0002, but the AutoSave tab does not appear in OneDrive. Is there something I have overlooked?
You need to enable autosave with the option that lets the user see the wizard.
Shouldn't that happen automatically after the changes in the GPO have been made, or is it a different setting?
Does KFM use the same mechanism at the backend as folder redirection i.e. a client side extension?
Love this thank you!
If you remove or rename a redirected folder you break this solution and it won’t be recovered automatically.
Also I see that if a folder already exists a new folder is created with a number at the end of the folder name. In my case “Documents 1”
Great article! I just tried it on a test machine with Intune and it works just fine. However, I noticed that Desktop, Documents and Pictures are also being synced back into the OneDrive folder (FilesOnDemand is enabled, so just placeholders).
Any advice on how to prevent this?
Hi,
It doesn’t work for me. Testing on a Win 10 1803 (AzureAD joined device) with OneDrive (18.131.0701.007). The script ran nicely (checked the policy under regedit) but nothing happened. I tried to enable the registry key HKLM\SOFTWARE\Policies\Microsoft\OneDrive]”KFMOptInWithWizard” to see the “Set up protection of important folders” window but it is still not working.
Do I still need to configure a sync to my Onedrive first for this to work? (e.g. setup https://osddeployment.dk/2017/12/18/how-to-silently-configure-onedrive-for-business-with-intune/)
Using this solution I run into problems with symlinks, making OneDrive unable to sync. OneDrive says that “Documents” is a folder collection or symlink and cannot be protected. If I go to the documents folder and show system files and remove the shortcuts for pictures, music and videos, then OneDrive will start protecting the documents folder. These hidden folders do however reappear and break the OneDrive protection again.
Has anyone had the same issue? I have seen it on several different systems.
Yes, I have the same issue and I do not know how to solve this
You can (just to be sure) deploy a script which removes these shortcuts, you can use the command:
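```powershell
# Remove the hidden "My Pictures" shortcut from the current user's Documents folder
Remove-Item "C:\users\$env:USERNAME\Documents\My Pictures.lnk" -Force -Recurse
```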
I’ve seen this as well on the French version of Win10 Pro 1803 (clean install). It has to do with music symlink in the documents folder. In Windows Explorer you have to click the view tab, tick “hidden files” and click Options -> view tab -> untick hide protected OS files (under advanced).
Now you will see 3 symlinks. Remove those and it should work for you.
Hello Experts,
I’ve tried on 1803 and it works well, but it does not work in 1809; I need to manually open the OneDrive client and configure it.
Any insight?
It is working for me in 1809. Is it newly deployed devices or upgraded?
Hi Per Larsen,
thanks for your reply.
I tried to deploy to a new device (with Autopilot); the registry values have been successfully assigned, I checked already, but I have to manually open OneDrive Settings -> Auto Save -> Update Folders.
Not sure what I missed?
@Mickey are you using the SharedPC option at all? If so, SharedPC by default disables OneDrive altogether.
Hi there, the script is working, but when I delete a file on the local PC the file is deleted from OneDrive as well. What should I change in the script so that the file in OneDrive will not be deleted when I delete the file on the local PC? Your help will be appreciated. Thanks
Thanks for the script. I edited it slightly to make it go and get the tenant ID, so that I could deploy it across multiple clients.
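```powershell
try {
    # Get the username (UPN) and take the domain part after the @
    $whoami = $(whoami /upn)
    $domain = $whoami.Split("@")[1]
    # Get the tenant ID from the OpenID configuration of that domain;
    # -UseBasicParsing avoids depending on the Internet Explorer engine
    $TenantID = (Invoke-WebRequest -UseBasicParsing https://login.windows.net/$domain/.well-known/openid-configuration | ConvertFrom-Json).token_endpoint.Split('/')[3]
}
catch {
    # Fail if no tenant ID
    throw "Getting the UPN failed for $whoami"
}
```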
Hi, KFM is working for first user but not working for second user. Does anyone have any idea why it is happening and how to solve it. Thanks
I am getting an error: remediation failed with error code 0x87d1fde8.
I can see the AutoSave tab and need to click manually on Update folders. Is this normal behaviour? I thought it would go automatically.