Config Profile OneDrive auto Sync and Folder Redirect issues - "Select here to fix your credentials"


We just recently started moving our environment into Intune for a ~2500+ device deployment for teachers/admin/students. We have a Hybrid AD Domain Join step that starts it and joins it to our on-premises AD. We have AD sync / Azure AD Connect going where it syncs with on-prem.


Our goal is to have the users turn a computer on, log in through OOBE, and as immediately as possible have OneDrive / all O365 apps linked up and, most importantly, have it automatically sync the known folders (Documents/Pictures/Videos/etc.) to the OneDrive location.


The Hybrid AD Domain Join step works like a charm. Then the user logs in and after it loads the profile it gives the "Select here to fix your credentials. Or, go to Settings > Accounts > Access work or school settings, and select Sign in again to fix your work or school account."



If I reboot the computer, sometimes this goes away completely. Sometimes it takes 2-3 reboots. If the user clicks it and logs in, usually OneDrive will then kick in via the configuration profile we have set up to 1) log in / start syncing OneDrive and 2) silently redirect folders to OneDrive locations. Unfortunately, neither of these works immediately... some take 3-4 reboots.


In our on-premises group policy, we have the Intune Device Enrollment group policy applied to "Enable automatic MDM enrollment using default Azure AD credentials". The option for "Select Credential Type to Use" is set to "User Credential", not "Device Credential".


I don't have anything in the MDM Application ID.  I'm guessing this is correct?


I'm grasping at straws to get this as seamless as possible, so any help to get this streamlined would be greatly appreciated.


Is there anything I'm missing? I feel like this is something that should be an easy fix that I'm just overlooking.


Thank you!

3 Replies

Hi,

When looking at your question, it looks like you are enrolling existing devices?
Just a few questions:

*Did you monitor what happens each step/reboot using dsregcmd /status?
*Were the devices already registered? (existing devices --> Teams --> allow to manage this device)
*Before enrolling, did you check out this reg setting for already existing enrollments:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments
*Did you configure:
Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration?
*Maybe configure the SCP with a GPO yourself?

*Maybe configure the MDMWinsOverGP setting to make sure MDM policies win.

To answer your questions:

*Did you monitor what happens each step/reboot using dsregcmd /status? I have not. I'm admittedly new to the admin side of this and learning as I go and receiving training while we're quickly approaching school starting and having to hand out devices and make it work. We're getting there, but not there yet. I'll research this command and make use of it as we proceed... thank you.

*Were the devices already registered? (existing devices --> Teams --> allow to manage this device) Devices are new / straight out of the box.

*Before enrolling, did you check out this reg setting for already existing enrollments:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments I did not, but will look into this.

*Did you configure:
Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration? I did not... I configured Computer > Policies > Administrative Templates > Windows Components > MDM > Enable automatic MDM enrollment using default Azure AD credentials. Should I do Device Registration?

*Maybe configure the SCP with a GPO yourself? I'll look into this.

*Maybe configure the MDMWinsOverGP setting to make sure MDM policies win. I'll look into this as well...

A lot of this is Greek, but it helps greatly as I get closer to fully understanding this monster. Thank you!

(any other suggestions are greatly appreciated)

So these are new devices. So you unpack them, add them to the domain and...?

*When you add them to the domain manually it will take some time before Azure AD sync will sync the device to Azure (if the scope is configured correctly, by default 30 minutes). Maybe speed this up: https://github.com/steve-prentice/autopilot/blob/master/SyncNewAutoPilotComputersandUsersToAAD.ps1

*Check the User Device Registration log to make sure you notice "Automatic registration Succeeded". Otherwise the user needs to log out and back in again... again, you can speed this up by triggering the scheduled task
"\Microsoft\Windows\Workplace Join\Automatic-Device-Join"

*dsregcmd /status and the event log will give you the info you need to understand the process :)
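As an added illustration (not code from the thread or from Microsoft), the following PowerShell pass walks the checks the last reply lists: the dsregcmd /status join fields, the Enrollments registry key, the User Device Registration log, and an optional kick of the Automatic-Device-Join task. It assumes an elevated session on the affected device, and the "Automatic registration" message filter is an assumption based on the wording quoted in the reply.

```powershell
# Added example, not from the thread: one diagnostic pass over the checks above.
# Assumes an elevated PowerShell session on the hybrid-joined device.
function Test-HybridJoinState {
    param([switch]$TriggerJoin)

    # 1. dsregcmd /status: domain/Azure AD join state and whether a Primary Refresh
    #    Token exists. The "fix your credentials" prompt typically goes with AzureAdPrt : NO.
    $status = dsregcmd /status
    foreach ($field in 'DomainJoined', 'AzureAdJoined', 'AzureAdPrt') {
        $line = $status | Where-Object { $_ -match "^\s*$field\s*:" } | Select-Object -First 1
        if ($line) { ($line -replace '\s+', ' ').Trim() } else { "$field : (not reported)" }
    }

    # 2. HKLM\SOFTWARE\Microsoft\Enrollments: list MDM enrollments already on the box.
    #    Only the per-enrollment GUID subkeys carry ProviderID; a stale entry here is
    #    what the reply suggests looking for before enrolling again.
    $enrollments = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            if ($props.PSObject.Properties['ProviderID']) {
                [pscustomobject]@{
                    Enrollment     = $_.PSChildName
                    ProviderID     = $props.ProviderID
                    EnrollmentType = $props.EnrollmentType
                }
            }
        }
    if ($enrollments) { $enrollments | Format-Table -AutoSize | Out-String } else { 'No MDM enrollments found.' }

    # 3. User Device Registration log: newest "Automatic registration ..." outcomes,
    #    first line of each message only (succeeded vs. failed, with the event ID).
    Get-WinEvent -LogName 'Microsoft-Windows-User Device Registration/Admin' -MaxEvents 300 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Automatic registration' } |
        Select-Object -First 5 TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize | Out-String

    # 4. Optionally re-run the registration task instead of waiting for another logon.
    if ($TriggerJoin) {
        Start-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -TaskName 'Automatic-Device-Join'
        'Automatic-Device-Join task started; re-run without -TriggerJoin to check the result.'
    }
}

Test-HybridJoinState
```

Run it once after the Hybrid Azure AD join and again after each reboot to see which step (sync to Azure AD, device registration, or MDM enrollment) is the one still pending.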