John Twohig
Mar 18, 2022, Iron Contributor
OneDrive Sync for Azure AD Joined Computers
Whenever we try to sign in to OneDrive on Azure AD joined computers we get the message "Sorry, OneDrive can't add your folder right now". It works fine for our on-premises AD joined computers. ...
Suraj_Malusare
May 13, 2022, Copper Contributor
John Twohig, did you get any resolution for this? We are also facing the same issue on our only Azure AD joined devices; on-prem domain joined devices are working fine.
- John Twohig, May 13, 2022, Iron Contributor
Dell Support looked at it for a month and then escalated it to Microsoft Support who have had it for over a month. When we ask for an update they always say that it has been escalated to a senior resource.
The annoying thing is that Microsoft Support doesn't seem to have any more access to Microsoft documentation than I do. Initially they just Googled "OneDrive", "Sync", and "domain joined" and sent me links to whatever results they got. I said that I can Google too and if those documents had the answer I wouldn't have needed to open the ticket.
Yet someone at Microsoft knows what can and can't be done. Their documentation clearly states that they recognize the issue so they must have documentation somewhere. There are whole suites of tools out there that allow finding information in large amounts of structured and unstructured data. One would expect Microsoft would know something about that.
- JWat12, Sep 17, 2022, Copper Contributor
Did you ever fix this issue? Currently facing the same problem.
- John Twohig, Sep 19, 2022, Iron Contributor
The answer I got from Microsoft is that you need to have the devices AD joined or hybrid joined or you need to use Conditional Access Policies.
Rather than using the OneDrive Sync policy they said to use a different one. In the SharePoint Admin Center go to Policies, Access Control. The Unmanaged Devices policy allows you to block access for unmanaged devices. It defines unmanaged devices as ones that are either hybrid AD joined or Intune managed.
At first I thought this would work for us. All our AAD joined devices are Intune managed and it would be easy enough to hybrid join the rest. However, here is where Microsoft tries a scam. It doesn't say on the Unmanaged Devices Policy page, but enabling this requires that every user the policy applies to needs to have an AAD P1 license. Of course there is a good chance that you won't realize that until a year later and MS comes back and asks for payment for all the licenses you need but they don't tell you.
In our case, it would mean purchasing AAD P1 licenses for the 95% of our people who use computers that aren't AAD joined, which doesn't make sense for us.