Silently Move Known Folders to OneDrive using Intune Settings Catalog

This post will discuss the Intune Policy to Silently Move Known Folders to OneDrive. Let’s check options to Configure OneDrive Known Folders move Policy using Intune Settings Catalog. The OneDrive Known Folders Move (KFM) must be used for physical and virtual scenarios such as AVD and Cloud PC.

The Known Windows Folders are Desktop, Documents, and Pictures. You also need to make sure to use the OneDrive Files On-Demand policy with OneDrive KFM. You can save space on your device or FSLogix Profile by making files on-demand.

You can use Intune or Microsoft Endpoint Manager (MEM) to Silently Move Known Folders to OneDrive. You will need to use Intune Settings Catalog policies to disable the OneDrive policy to stop caching the files to physical or virtual devices. There is already a post that explains how to Exclude OneDrive Shortcuts Sync Using Intune.

Let’s check how to configure the OneDrive Known Folder Move (KFM) policy to help users automatically log in to OneDrive and save the files automatically using Intune Settings Catalog. The other KFM related policies configured are KFMOptInNoWizard, KFMOptInWithWizard, and KFMBlockOptOut.

Patch My PC

OneDrive Caching or On-Demand Feature

OneDrive caching feature should be enabled by default for all the OneDrive configurations. You can check this caching configuration from the white or blue OneDrive cloud icon in the Windows notification area. You can check the configuration from the settings option from there.

The OneDrive caching policy can be configured using Intune for Windows 10 or Windows 11 devices. A blue cloud icon next to a OneDrive file or folder indicates that the file is only available online. The Online-only files don’t take up space on your Windows 10 or Windows 11 PC.

Silently Move Known Folders to OneDrive using Intune Settings Catalog
Silently Move Known Folders to OneDrive using Intune Settings Catalog

Intune Policy to Silently Move Known Folders to OneDrive

Let’s check how to Silently Move Known Folders to OneDrive for Azure Virtual Desktop (AVD) multi-session and pooled scenarios. You can also configure several other controls from Microsoft 365 admin center portal for OneDrive and SharePoint Online.

The best option is configuring the OneDrive policy using Intune settings catalog from Microsoft Endpoint Manager (MEM) Intune portal. I’ll also quickly cover the Online-only or on-demand OneDrive policy option in this post.

Adaptiva

Now, let’s create the MEM Intune policy to Silently move Windows known folders to OneDrive for Azure Virtual Desktop Multi-Session and Pooled scenarios.

  • Login to Endpoint Manager Intune portal https://endpoint.microsoft.com/#home
  • Navigate to Devices -> Windows -> Configuration profiles.
  • Click on +Create Profile.
 Intune Policy to Silently Move Known Folders to OneDrive
Intune Policy to Silently Move Known Folders to OneDrive

In MEM Intune world, the policy creation process is called profile creation. You can create OneDrive caching policies from Create Profile blade. Don’t worry about the preview tag there near to settings catalog. Microsoft fully supports this type of policy.

  • Select Platform: Select Windows 10 and later.
  • Profile: Select Settings catalog.

Click on the Create button. For Example – You have to select the platform Windows 10 and later. You can enter the details such as the name of the Policy and settings in the next screens.

 Intune Policy to Silently Move Known Folders to OneDrive
Intune Policy to Silently Move Known Folders to OneDrive

Once you click on Create button from the above page, you will need to enter the Name and Description of the setting catalog policy.

  • Name – OneDrive KFM Policy for AVD and Windows 365
  • Description – OneDrive KFM Policy for AVD and Windows 365
  • Click on the Next button to continue.
 Intune Policy to Silently Move Known Folders to OneDrive
Intune Policy to Silently Move Known Folders to OneDrive

You can click on the +Add Settings link to bring up the new blade of the policy configuration wizard. This link will help with a new blade called the Settings Picker with a search box.

Settings catalog – You can choose which settings you want to configure with the settings catalog. Click on Add settings to browse or search the catalog for the settings you want to configure.

 Intune Policy to Silently Move Known Folders to OneDrive
Intune Policy to Silently Move Known Folders to OneDrive

NOTE! – Settings picker – Use commas “,” among search terms to lookup settings by their keywords – In this scenario, I used OneDrive as a keyword.

OneDrive Policies Available in Intune Settings Catalog

You will need to click on OneDrive from the browse by category. There are 40 results (policies) in the “OneDrive” category. The following are the OneDrive policies available in the Settings Catalog workflow.

  • Allow OneDrive to disable Windows permission inheritance in folders synced read-only
  • Allow syncing OneDrive accounts for only specific organizations
  • Allow users to choose how to handle Office file sync conflicts (User)
  • Always use the user’s Windows display language when provisioning known folders in OneDrive
  • Always use the user’s Windows display language when provisioning known folders in OneDrive (User)
  • Block file downloads when users are low on disk space
  • Block syncing OneDrive accounts for specific organizations
  • Cause sync client to ignore normal web proxy detection logic
  • Coauthor and share in Office desktop apps (User)
  • Configure team site libraries to sync automatically
  • Configure team site libraries to sync automatically (User)
  • Continue syncing on metered networks (User)
  • Continue syncing when devices have battery saver mode turned on (User)
  • Convert synced team site files to online-only files
  • Disable the tutorial that appears at the end of OneDrive Setup (User)
  • Enable automatic upload bandwidth management for OneDrive
  • Exclude specific kinds of files from being uploaded
  • Hide the “Deleted files are removed everywhere” reminder
  • Limit the sync app download speed to a fixed rate (User)
  • Set the default location for the OneDrive folder (User)

There are other OneDrive Policies available, mainly device-based policies; if you see USER in the brackets of a policy, that means that particular policy is a OneDrive user-based policy.

Prompt users when they delete multiple OneDrive files on their local computer
Require users to confirm large delete operations
Set the maximum size of a user’s OneDrive that can download automatically
Set the sync app update ring
Silently move Windows known folders to OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials
Specify SharePoint Server URL and organization name
Specify the OneDrive location in a hybrid environment
Sync Admin Reports
Use OneDrive Files On-Demand
Warn users who are low on disk space

Enable OneDrive Files On-Demand Policy using Intune

I have selected the policy called Use OneDrive Files On-Demand policy to prevent Onedrive from Automatically Caching Files to Device for AVD. Now, you close Intune Settings Catalog – Settings Picker blade.

 Enable OneDrive Files On-Demand Policy using Intune
Enable OneDrive Files On-Demand Policy using Intune

This setting policy lets you control whether OneDrive Files On-Demand is enabled for your organization. Files On-Demand helps you save storage space on your users’ computers and minimize the network impact of sync.

NOTE! – The feature is available to users running Windows 10 Fall Creators update (version 1709 or later).

You can now click on the slide bar to ENABLE the Use OneDrive Files On-Demand policy “Use OneDrive Files On-Demand.

OneDrive Files On-Demand will be turned on by default if you enable this setting. If you disable this setting, OneDrive Files On-Demand will be explicitly disabled, and users can’t turn it on. If you do not configure this setting, users can turn OneDrive Files On-Demand on or off.

NOTE! – Recommend you test these policies thoroughly in a staging environment and confirm the behavior before production implementation. It helps to prevent saving OneDrive files into a local drive/device. To make this policy work properly, you might need to adjust some of your other OneDrive policies, such as Known Folder Redirection.

  Enable OneDrive Files On-Demand Policy using Intune
Enable OneDrive Files On-Demand Policy using Intune

Intune Policy to Silently move Windows Known Folders to OneDrive

Now, let’s quickly check the Intune Policy to Silently move Windows Known Folders to OneDrive. The following policies will help you to Silently Move Known Folders to OneDrive. This gives a better user experience for Windows 11 and Windows 10 devices.

NOTE! – The OneDrive is intelligent enough not to take all the network bandwidth and system power to perform the silent move of my Documents, My Pictures, and Desktop. It’s better to test this in staging before implementing this production to understand the impact.

The maximum throughput value detected by the sync app can sometimes be higher or lower than expected because of the different traffic throttling mechanisms that your Internet Service Provider (ISP) might use.

Microsoft also recommends deploying the silent policy for existing devices and new devices while limiting the deployment of existing devices to 1,000 devices a day and not exceeding 4,000 devices a week.

  Enable OneDrive Files On-Demand Policy using Intune
Enable OneDrive Files On-Demand Policy using Intune

The following are the 2 Windows Known Folder Move (KFM) to OneDrive policies available in Intune Settings Catalog to prevent user interaction. I’m not going to cover these two in this post.

  • Prevent users from moving their Windows known folders to OneDrive
  • Prevent users from redirecting their Windows known folders to their PC

You can click on +Add Settings from the Setting catalog page to open up Settings Picker blade. You can search with OneDrive as explained in the above section and select OneDrive Catagory. Now, click on the OneDrive category and choose the settings mentioned in the above paragraph.

  Enable OneDrive Files On-Demand Policy using Intune
Enable OneDrive Files On-Demand Policy using Intune

Microsoft recommends using the policy Silently move Windows known folders to OneDrive together with “Prompt users to move Windows known folders to OneDrive.”

The second policy allows end-users to move the known folders manually if the silent does not succeed. Users will be prompted to correct the error and continue. Hence I’m planning to test the following policies called “Silently move Windows known folders to OneDrive” and “Prompt users to move Windows known folders to OneDrive.”

NOTE! Added additional policies (listed down) to have a better user experience and follow Microsoft’s recommendations. But, again, test this in your staging environment before implementing this in production.

  • Always use the user’s Windows display language when provisioning known folders in OneDrive
  • Silently move Windows known folders to OneDrive
  • Prompt users to move Windows known folders to OneDrive
  • Silently sign in users to the OneDrive sync app with their Windows credentials

NOTE! Ensure you have the Azure AD tenant ID details to configure the OneDrive policies correctly.

  Enable OneDrive Files On-Demand Policy using Intune
Enable OneDrive Files On-Demand Policy using Intune

Intune Policy Assignment Options Silently Move Known Folders to OneDrive

In this section, let’s check Intune Policy Assignment Options Silently Move Known Folders to OneDrive. This helps you assign “the Policies” to the AAD Device Group. You can refer to the following guide to Create Intune Settings Catalog Policy and deploy it only to a set of Intune Managed Windows 11 or Windows 10 devices using Intune Filters.

You can use All Devices deployment for this particular policy deployment. You can use Intune filters from the assignment page to filter out devices that are not required. You can click on the Next button and add the Scope Tags on the next page.

You will need to click on the next and create buttons to complete the policy creation process.

Intune Policy Assignment Options Silently Move Known Folders to OneDrive
Intune Policy Assignment Options Silently Move Known Folders to OneDrive

OneDrive KFM Policy Related Event IDs Logs 873 866 890

The following are the event logs related to the Intune policy to Silently Move Known Folders to OneDrive and Use OneDrive Files On-Demand policy. I have deployed four different policies. And the following event logs, 873, 866, and 890, are related to those policies.

Silently move Windows known folders to OneDrive
Prompt users to move Windows known folders to OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials
Use OneDrive Files On-Demand

Event ID 873 – MDM PolicyManager: ADMX ingestion starting new Admx ingestion. EnrollmentId (D1E11663-BF69-4DD8-974A-BAD47E6EF433), app name (OneDriveNGSCv4), setting type (Policy), unique Id (OneDriveNGSCv4).

Event ID 866 – MDM PolicyManager: ADMX Ingestion: EnrollmentId (D1E11663-BF69-4DD8-974A-BAD47E6EF433), app name (OneDriveNGSCv4), setting type (Policy), unique Id (OneDriveNGSCv4), area (NULL).

Event ID 890 – MDM Container: Admx Ingestion Change Notification WNF fired, Value: (Win32App-Metadata).

Event ID 873 – MDM PolicyManager: ADMX ingestion starting new Admx ingestion. EnrollmentId (D1E11663-BF69-4DD8-974A-BAD47E6EF433), app name (OneDriveNGSCv2), setting type (Policy), unique Id (OneDriveNGSCv2).

Event ID 866 – MDM PolicyManager: ADMX Ingestion: EnrollmentId (D1E11663-BF69-4DD8-974A-BAD47E6EF433), app name (OneDriveNGSCv2), setting type (Policy), unique Id (OneDriveNGSCv2), area (NULL).

Intune Policy Assignment Options Silently Move Known Folders to OneDrive
Intune Policy Assignment Options Silently Move Known Folders to OneDrive

Errors in Event Logs – Event ID 404 – Move Known Folders to OneDrive

Let’s check why I am getting Event ID 404 for OneDrive policies. The system cannot find the file specified error for several reasons. This could be covered in the next blog post? The first thing I would normally perform is to check the registry and confirm whether the application is already installed on Windows 10 or Windows 11 PC or not.

NOTE! – Errors are fixed by now (I think?). I have got these errors because of the user policy deployed to the Cloud PCs Prevent Users To Save Files On Local Drives and Desktop Using Intune. Because of this policy, OneDrive was not getting launched, which could be causing these 404 errors.

EVENT ID 404 – MDM ConfigurationManager: Command failure status. Configuration Source ID: (D1E11663-BF69-4DD8-974A-BAD47E6EF433), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/OneDriveNGSCv2~Policy~OneDriveNGSC/SilentAccountConfig), Result: (The system cannot find the file specified.).

EVENT ID 404 – MDM ConfigurationManager: Command failure status. Configuration Source ID: (D1E11663-BF69-4DD8-974A-BAD47E6EF433), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/OneDriveNGSCv2~Policy~OneDriveNGSC/FilesOnDemandEnabled), Result: (The system cannot find the file specified.).

Errors in Event Logs - Event ID 404 - Move Known Folders to OneDrive
Errors in Event Logs – Event ID 404 – Move Known Folders to OneDrive

Registry Keys for OneDrive KFM Wizard

I could figure out the configurations in the following registry path. The Registry Keys for OneDrive KFM Wizard policies that we deployed in the above section.

OneDriveNGSCv2– The following are the registry entries for OneDrive KFM policies listed down.

Silently move Windows known folders to OneDrive
Prompt users to move Windows known folders to OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials
Use OneDrive Files On-Demand

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\OneDriveNGSCv2~Policy~OneDriveNGSC]
“KFMOptInWithWizard_Container”=dword:00000001
“KFMOptInWithWizard_ADMXInstanceData”=”Software\Microsoft\PolicyManager\providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\Device\OneDriveNGSCv2~Policy~OneDriveNGSC”
“KFMOptInWithWizard_ProviderSet”=dword:00000001
“KFMOptInWithWizard_WinningProvider”=”D1E11663-BF69-4DD8-974A-BAD47E6EF433”
“KFMOptInNoWizard_Container”=dword:00000001
“KFMOptInNoWizard_ADMXInstanceData”=”Software\Microsoft\PolicyManager\providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\Device\OneDriveNGSCv2~Policy~OneDriveNGSC”
“KFMOptInNoWizard_ProviderSet”=dword:00000001
“KFMOptInNoWizard_WinningProvider”=”D1E11663-BF69-4DD8-974A-BAD47E6EF433”
“SilentAccountConfig_Container”=dword:00000001
“SilentAccountConfig_ADMXInstanceData”=”Software\Microsoft\PolicyManager\providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\Device\OneDriveNGSCv2~Policy~OneDriveNGSC”
“SilentAccountConfig_ProviderSet”=dword:00000001
“SilentAccountConfig_WinningProvider”=”D1E11663-BF69-4DD8-974A-BAD47E6EF433”
“FilesOnDemandEnabled_Container”=dword:00000001
“FilesOnDemandEnabled_ADMXInstanceData”=”Software\Microsoft\PolicyManager\providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\Device\OneDriveNGSCv2~Policy~OneDriveNGSC”
“FilesOnDemandEnabled_ProviderSet”=dword:00000001
“FilesOnDemandEnabled_WinningProvider”=”D1E11663-BF69-4DD8-974A-BAD47E6EF433”

These are the registry entries for the policy “Always use the user’s Windows display language when provisioning known folders in OneDrive.”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\OneDriveNGSCv4~Policy~OneDriveNGSC]
“KFMForceWindowsDisplayLanguage_Container”=dword:00000001
“KFMForceWindowsDisplayLanguage_ADMXInstanceData”=”Software\Microsoft\PolicyManager\providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\Device\OneDriveNGSCv4~Policy~OneDriveNGSC”
“KFMForceWindowsDisplayLanguage_ProviderSet”=dword:00000001
“KFMForceWindowsDisplayLanguage_WinningProvider”=”D1E11663-BF69-4DD8-974A-BAD47E6EF433”

Registry Keys for OneDrive KFM Wizard
Registry Keys for OneDrive KFM Wizard

Conclusion – Silently Move Known Folders to OneDrive

My experience with the following five (5) policies related to silently moving known folders to OneDrive is given below. Initially, the Intune policies didn’t get installed. I identified that the failure of policy installation was because of the policy to Prevent Users to Save Files on Local Drives and Desktops.

Always use the user’s Windows display language when provisioning known folders in OneDrive
Silently move Windows known folders to OneDrive
Prompt users to move Windows known folders to OneDrive
Silently sign in users to the OneDrive sync app with their Windows credentials
Use OneDrive Files On-Demand

NOTE! – Because of the policy to Prevent Users to Save Files on Local Drives and Desktops, the OneDrive was not launched. I think that could be the reason for Event ID error 404 – The system cannot find the file specified.

Conclusion - Silently Move Known Folders to OneDrive
Conclusion – Silently Move Known Folders to OneDrive

To fix Intune policy deployment error explained above, I have removed the policy mentioned above. The Intune reports showed the successful installation of the policies. I have also confirmed this from registry entries shared in the above section.

You can check more about the Intune Settings catalog reporting options from the following post – Intune settings catalog profile report.

The following is one of my experiences with the limited testing I did for this scenario.

Can’t Stop Syncing Folder – The folder you tried to unselect is the Windows Desktop Folder, an important folder in Windows and is currently pointed to OneDrive.

 Conclusion - Silently Move Known Folders to OneDrive
Conclusion – Silently Move Known Folders to OneDrive

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc……………

2 thoughts on “Silently Move Known Folders to OneDrive using Intune Settings Catalog”

  1. Nice post Anoop, is there an reason why choosing the service catalog above admx policies. For custom oma-uri it is an no brainer.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.