Last year I did a blogpost on How to deploy OneDrive Known Folder Move with Intune that uses the Intune Management Extension to deploy a PowerShell script – that one is still working and you can see all the detailed information from my blog post on Known Folder Move. I found that in production this works well, but in some cases it takes some time to get the settings on the device. do the the installation of the Intune Management Extensions – and it can be the same issue when using Windows Autopilot reset, that there can go some time before the Intune Management Extention is getting installed on the device again.
So what is the other option than using PowerShell – it is ADMX based policy in Intune that is build in with Windows 10 – this is what this blogpost is about.
To get started you need some information:
You need the onedrive ADMX from you local drive %LocalAppData%\Microsoft\OneDrive\18.192.0920.0012\adm – where you need to change the OneDrive version number with the one you have on your device.
You need the hole content from the OneDrive.admx file
How to create the policy in Intune:
Start the M365 Device Management Portal
- Select Device configuration
- Select Profiles
- Select Create profile
- Name : OneDrive.admx
- Description : Enter the version number for the OneDrive XML
- OMA-URI : ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/OneDriveNGSC/Policy/OneDriveAdmx
- Data Type : Select String
- Value : Copy the content on the OneDrive.admx file
You need to create 4 more row of OMA-URI Settings:
One:
- Name : OneDrive.admx
- Description : Enter the version number for the OneDrive XML
- OMA-URI : ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/OneDriveNGSC/Policy/OneDriveAdmx
- Data Type : Select String
- Value : Copy the content on the OneDrive.admx file
Two:
- Name : SilentAccountConfig
- Description : Silently configure OneDrive using the primary Windows account
- OMA-URI : ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/SilentAccountConfig
- Data Type : Select String
- Value : <enabled/>
Three:
- Name : KFMOptInNoWizard
- Description : Prevent users from redirecting their Windows known folders to their PC
- OMA-URI : ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/KFMOptInNoWizard
- Data Type : Select String
- Value : <enabled/>
<data id=”KFMOptInNoWizard_TextBox” value=”TenantID”/>
<data id=”KFMOptInNoWizard_Dropdown” value=”0″/>
Four:
- Name : FilesOnDemandEnabled
- Description : Enable OneDrive Files On-Demand
- OMA-URI : ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/FilesOnDemandEnabled
- Data Type : Select String
- Value : <enabled/>
Or we can just to it with a import script:
First we need the .\DeviceConfiguration_Import_FromJSON.ps1 from Github
Second you need the .json file to import into your Intune from Github
Start by running the DeviceConfiguration_Import_FromJSON.ps1
Then do the authentication. The script will test if you have the AzureAD PowerShell module or the AzureAD preview one. If you do not have installed it – you will be asked to install it and run the script again.
Then you will be asked for the .json file ADMX–OneDrive.admx-KFM.json
Then it will import and create the policy directly in Intune
Then you can see the OneDrive profile in Intune and deploy it to your users
Happy testing
Cloud First 
Awesome thanks for sharing!
How to get the admx in windows 10? Can you share the two admx file? That I can download it.
I always follow your blog for Intune management, it’s very helpful and easy to understand. 🙂
Just download the content from Github and do the import into Intune, assign it to a test user and it is working
Hi Per, I wrote almost an identical Post about OneDrive KMF, you might want to read it too.
Hi Per
I am having issues to get the SilentAccountConfig to work. I have have been looking back to your posts before this one and I can not get the silent configuration to work no matter what I do. As far as I can see everything seems correct in the registry on the client.
I am testing in a lab environment with an microsoft 365 business trial account and I am using the Windows 10 1809 from Microsofts Download page. The ISO come with Onedrive 18.143.0717.0002 and I have tried to upgrade to 18.222.1104.0007 which doesn’t help.
If I do a manual login the the KFM works without any issues.
Trying to make this work I tried using the administrative templates in Intune where the setting exists but the result is the same as for the other options.
As I am using a completly clean environment with only standard settings in Intune I was wondering if this still works for you with the newest software?
Best Regards Fredrik
Are your device AzureAD joined or hybrid AzureAD joined?
Azure ad joined. I have nothing on prem when testing this.
I feel a bit confused about joining the device to azure ad vs enrolling the device in intune
I have been following these steps with a brand new installed VM
https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network#to-join-a-brand-new-windows-10-device
It seems like this would be enough because i have no problems pushing apps or settings from intune which i guess would not be possible If the device wasnt enrolled in intune
But it still feels like i am missing something obvious
Hi Per, thanks for taking your time on this !! Looks like you made a typo under config line TWP silent configuration where you have listed the keys for the KFM setup.
Have a small problem as well. Despite adding the lines and I can see that the client getting the registry keys added, it is never logging in to OneDrive, have you seen this before ?
Cannot see any errors. Testing with Win10 enterprise 1803 and OneDrive 18.222.1104.0007
Again thanks for a great site.
Same issue. Latest Onedrive with latest Windows build. Automatic Login doesn’t work. When added my emailaddress the redirection goes automatically (Desktop, Pictures, Documents).
Same here. W10 1809 running client 19.033.0218.0011. Azure AD joined via intune autodeploy, email address is not being auto added to OD4B client, no idea why. Settings look good in registry (HKLM\Software\Policies\Microsoft\OneDrive\SilentAccountConfig is being set to 1 via intune/admx injestion)
Aggravating, should work but does not for some reason. Nothing in event log.
Thanks for the great article. I’m trying to use your files from GitHub. The first one runs fine, prompting for credentials, etc. Then it asks for the path to my json file. No matter where I put the file or how many times I double-check the spelling, it tells me the path to the JSON file doesn’t exist. Any tips?
PS C:\temp> .\DeviceConfiguration_Import_FromJSON.ps1
Please specify a path to a JSON file to import data from e.g. C:\IntuneOutput\Policies\policy.json: c:\temp\ADMX-OneDrive.admx-KFM.json
Import Path for JSON file doesn’t exist…
Script can’t continue…
Are you running in admin context?
Hi we are getting the following error with the configuration policy kfmoptinnowizard:
Remedation failed with error code 0x87d1fde8.
we see the tab autosave and need to manually update the folders and after next clicks it is working. is this normal behaviour?
we want to get this woking automatically.
hope someone has the answer
Having the same issue. Were you able to get it resolved?
no this was in my test situation we have solved this with the powershell solution:
https://osddeployment.dk/2018/07/06/how-to-deploy-onedrive-known-folder-move-with-intune/
No. It happens sometimes – it is not intentional