Modern Management - Part Four - OneDrive Silent Configuration

Work smarter, not harder…..

Ok so this isn’t really AutoPilot, but I think it pairs nicely with an AutoPilot deployment and Modern Management using Intune.

In Part One of this Series we configured devices for deployment and enrollment using Intune and AutoPilot. In Part Two we deployed the Office 365 suite to our client. In Part Three we packaged and deployed Win32 applications and now with Part Four we are going to look at silently Configuring OneDrive for Business.

Traditional OneDrive configuration is completed through the use of Group Policy settings which was an issue for Modern Management. Now with Intune we have the Intune Management extensions that we can utilise to execute PowerShell scripts to achieve the same results. Even better is we can now import ADMX files and utilise Configuration Profiles through Intune to configure our settings.

Work smarter, not harder. There’s no point in reinventing the wheel and I’m late on the seen here as this topic has already been excellently covered by Per Larsen and his post:

But recently Per Larsen showed us how to implement this using Intune and Device Configuration Profiles. Please take a look at his post and give it a like!

So let’s get going.

Download DeviceConfiguration_Import_FromJSON.ps1 from Github:

Save these locally

Run a PowerShell session (note you will need the Azure AD PowerShell module loaded - Install-Module AzureAD) and run the DeviceConfiguration_Import_FromJSON.ps1 script and specify your user principal name for the Azure authenticaiton

Accept the permissions required (if you are nervous about doing this then you can create the OMA-URI Settings manually but this just saves effort, remember smarter, not harder.)

Now enter the path to the ADMX–OneDrive.admx-KFM.json file

You will OMA-URI settings are created within your tenant

Now if we look at our Device Configuration Profiles you will see the ADMX - OneDrive - KFM.admx Profile listed

Within the profile you will see the required OMA-URI Settings

I’ve already created a security group to test the deployment

Now I’m going to assign the profile to this group but before I do, let’s confirm My OneDrive is not currently configured

Now assign your Profile to the group you have created

Now when we login to our Windows 10 machine we can see that OneDrive is automatically configured

If we look at the properties of the OneDrive client we can see our configuration is in place. We can see that Files on Demand is enabled and locked

The account has signed in, in the example below it’s my account

Looking at the registry we can see the OMA-URI settings from the ADMX have been applied

And that’s another job done, now go and grab a coffee :) Please remember to follow Per Larsen and follow/give his posts a like!

In Part Five we will be looking at deploying BitLocker Encryption Policy.