Configure OneDrive for Business via Intune
There are few ways to deploy and configure OneDrive for Business for Windows 10 via Intune, such as ADMX, PowerShell script and etc.
This is a very small part of Modern Management with Windows 10, Azure AD and Intune and the big picture includes many other options to deploy policies, application and custom configuration via Intune.
When configuring OneDrive for Business via Intune you need to prepare two scripts and to make sure that you’ve got the minimum requirements with Windows 10.
The requirements for OneDrive for Business are:
- Windows 10 device must be AzureAD joined or hybrid AzureAD joined
- The latest version of OneDrive for business
- OneDrive for Business license
Prepare OneDrive for Business script
First thing first you must prepare the PowerShell script for OneDrive for Business, this script set a few options in the registry:
This first one will enable ADAL for OneDrive for business, this must be set in the user context:
HKCU:\SOFTWARE\Microsoft\OneDrive\EnableADAL
This second option will enable account configuration for OneDrive for Business and must be set in the computer context:
HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\SilentAccountConfig
This third will enable files on demand and must be in the computer context:
HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\FilesOnDemandEnabled
In a Windows 10 devices that are AzureAD joined and Intune managed the Intune Management Extension is the easy way to set up OneDrive for Business with account configuration.
The PowerShell scripts are:
EnableADAL OneDrive for Business with HKCU
$registryPath="HKCU:\SOFTWARE\Microsoft\OneDrive"$Name="EnableADAL"$value="1"IF(!(Test-Path$registryPath)){New-Item-Path$registryPath-Force|Out-NullNew-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}ELSE{New-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}
$registryPath="HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"$Name="SilentAccountConfig"$value="1"IF(!(Test-Path$registryPath)){New-Item-Path$registryPath-Force|Out-NullNew-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}ELSE{New-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}$registryPath="HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"$Name="FilesOnDemandEnabled"$value="1"IF(!(Test-Path$registryPath)){New-Item-Path$registryPath-Force|Out-NullNew-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}ELSE{New-ItemProperty-Path$registryPath-Name$name-Value$value`-PropertyTypeDWORD-Force|Out-Null}
That PowerShell scripts available on my Github: https://github.com/eshlomo1/Generic
Configure PowerShell via Intune
From Intune portal run the following actions for EnableAdalODfB
Go to Intune Portal and then go to Device Configuration and choose PowerShell script
Next, add PowerShell script for the first script EnableAdalODfB and set the following options:
- Choose and upload the PowerShell script via Script location
- Configure the “Run this script…” with yes
- The two other settings must be disabled (No option)
Once creating the PowerShell script you need to assign a group
Next, you need to configure the second script EnableAutoConfigOnedrive with the following actions:
Go to Intune Portal and then go to Device Configuration and choose PowerShell script, and add PowerShell script for the first script EnableAutoConfigOnedrive and set the following options:
- Choose and upload the PowerShell script via Script location
- Set options with No on Script Settings
Then, assign the PowerShell script to a specific group
Once, the PowerShell script has configured the OneDrive will be configured automatically in Azure AD machines.
More information about Modern management and how to configure: https://www.eshlomo.us/tag/intune/
