Previews for Silent Sync Account Configuration and Bandwidth Throttling for OneDrive
Published Oct 25 2017 12:25 PM 78.2K Views
Microsoft

At Ignite, we announced two new features for IT Administrators. The first was Silent Sync Account Configuration for OneDrive which will allow you to silently configure OneDrive using Windows 10 or domain credentials for Windows 7 and Windows 8 on the first run.  The second was the ability to let you set the maximum download throughput rate for computers running the OneDrive sync client. Both of these features are now in preview.

 

Silent Sync Account Configuration

 

Important: If you enable this setting, ADAL (Azure Active Directory Authentication Library) must be enabled or the account configuration will fail. Download and open EnableADAL.reg to enable ADAL and restart the sync client.

 

This policy lets you configure the OneDrive sync client silently using the primary Windows account on Windows 10, and domain credentials on Windows 7 and later.

 

If you enable this setting, OneDrive.exe will attempt to sign in to the work or school account using these credentials. It will check the available disk space before syncing, and if it is large, OneDrive will prompt the user to choose their folders. The threshold for which the user is prompted can be configured using DiskSpaceCheckThresholdMB. OneDrive will attempt to sign in on every account on the computer and once successful, that account will no longer attempt silent configuration.

 

If you enable this setting and the user is using the previous OneDrive for Business sync client, the new sync client will attempt to take over syncing. The new sync client will attempt to import the user's sync settings from the previous sync client.

 

If you disable this setting, OneDrive will not attempt to automatically sign in users.

 

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]

"SilentAccountConfig"=dword:00000001

 

This policy can be used with DiskSpaceCheckThresholdMB as well as DefaultRootDir.

 

Please let us know if you have feedback on this feature or encounter any issues. Right-click the OneDrive icon in the notification area and click "Report a problem." Please tag any feedback with "SilentConfig" so that your feedback will be sent directly to engineers working on this feature.

 

Configure the maximum OneDrive size for downloading all files automatically   

 

This setting is used in conjunction with SilentAccountConfig. Any user who has a OneDrive that's larger than the specified threshold (in MB) will be prompted to choose the folders they would like to sync before the OneDrive sync client (OneDrive.exe) downloads the files.

 

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB]

Example: "1111-2222-3333-4444" = dword:0005000

(where "1111-2222-3333-4444" is the Tenant ID and 0005000 sets a threshold of 5000MB)

 

How to set the maximum download throughput that OneDrive.exe uses   

This policy lets you set the maximum download throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync client. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec. The lower the download throughput rate that you configure, the longer computers running OneDrive.exe will take to download files. 

 

By default, the download throughput rate is unlimited and can be configured by the user directly in the sync client. If you enable this setting, computers affected by this policy will use the maximum download throughput rate that you specify, and the users will not be able to change the download rate in sync client settings themselves. Note, that OneDrive.exe must be restarted on users’ devices to apply the configuration specified in this setting. If you disable this setting, users can configure the maximum download rate for their computer by opening sync client settings and clicking the Network tab. 

 

We recommend that you use this setting in cases where Files On-Demand is NOT enabled and where strict traffic restrictions are required, such as when you initially deploy the sync client in your organization or enable syncing of team sites. We don't recommend that you use this setting on an ongoing basis because it will decrease sync client performance and negatively impact the user experience. 

 

Enabling this policy sets the following registry key value to a number from 50 through 100,000. For example:

 

[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DownloadBandwidthLimit"=dword:00000032

 

The above registry key sets the download throughput rate limit to 50KB/sec, using the hexadecimal value for 50, which is 00000032.

 

All the computer configuration policies can be found under Computer Configuration\Policies\Administrative Templates\OneDrive.

 

Additional Group Policies to control OneDrive Sync can be found here

 

Questions? Feedback? Feel free to drop in your questions below

 

46 Comments
Deleted
Not applicable

Are there CSPs for OneDrive for these settings?  Custom ADMX backed CSPs aren't possible since these settings are in a restricted part of the registry.  We'll be migrating all of our users to AAD only joined W10 PCs starting next month and want to use these settings.

Copper Contributor

We’re getting more and more «cloud only» customers. I really hope there’s a CSP coming really soon so we can push this out with Intune...

Microsoft

Greg/Lasse,

 

No CSP's yet as we are still in preview. I will bring it back to the engineering team for awareness. I encourage you to add it to onedrive.uservoice.com so it can get upvoted as well for awareness.

Copper Contributor

Thank you for your reply Stephen,

 

I've submitted this to uservoice now: https://onedrive.uservoice.com/forums/262982-onedrive/suggestions/32026432-onedrive-csp-for-mdm-mana...

Steel Contributor

I have added it to the uservoice but something which is painful is when users are changing computers, all the sharepoint libraries are to be synced "manually"again (You have to go in the browser in each libraires you were syncing before and click on Sync...) https://onedrive.uservoice.com/forums/262982-onedrive/suggestions/32029009-changing-computer

Deleted
Not applicable

Is there anything else that needs to happen before auto login works? Can I just take an imaged machine, run the ADAL reg update on it, and restart the client, long as it's joined to my domain and they have an account it will try to login? I just tried and it never did try to login, think I might be missing a step? 

Copper Contributor

 

 

This policy lets you configure the OneDrive sync client silently using the primary Windows account on Windows 10, and domain credentials on Windows 7 and later.

 

 

With Windows 10, what exactly is the "primary Windows account"? If the machine is Active Directory domain joined, is this the logged on user?

 

Brass Contributor

Has anybody gotten /silentConfig working?

 

I think I have everything in place - ADAL, SilentAccountConfig, DiskSpaceCheckThresholdMB, client (.7076.), and I'm still getting prompted for sign-in and folders.

Copper Contributor

James - no its not working for me. I've tried on Win7 and Win10 but no luck. 

Deleted
Not applicable

No luck with my few tries of getting it to work. Not sure what we could be missing

Copper Contributor

Not working for me either.  MS Ignite demos made it look super easy.  Guess it was just smoke and mirrors.

Deleted
Not applicable

Something tells me the version of client we have doesn't have the bits in it for this to work right, probably need a later version. 

Copper Contributor

I have the SilentConfig working fine. However, the DiskSpaceCheckThresholdMB isn't working... Everytime it syncs on that first run it prompts me to choose which folders I want to sync... I have the GPO fully configured.

Copper Contributor
Not working for me. I'm using Windows 10 1709 (Education), OneDrive v17.3.7076.1026. All required Reg / GPO's are in place. We sync via AADSync if that matters.
Brass Contributor

So I figured this one out and it's not good for my environment. 

SilentConfig

Windows 7- worked no problem on my test Win7 Vm's, it used the Domain Creds to log in. 

Windows10- It does not work with the Domain Creds. It uses the Windows WORK account which will not work for me since our computers are joined to Active Directory and if we have to tell every user to add a WORK ACCOUNT to their profile it completely defeats the "SilentConfig".

 

Onedrive Team, Can you guys please make it that it looks at Domain Credentials in Windows10 too?

 

Thanks,

-Bruce

Copper Contributor
Bruce, I had a similar issue to you. I had to set up Hybrid AD and Azure AD to get this working. https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devi... I'm only working in a test environment at the moment as we aren't using Onedrive or O365 fully yet so I am finding myself following instructions that seem to assume a fully integrated deployment for new features to work. Thanks Ivan
Copper Contributor

what machine does  EnableADAL.reg need to be run on?  (Azure DCs, Local DCs, all workstations, etc ...?)

Brass Contributor

James Mika,

 Enableadal has to be done on the client machine. I have done enable Adam on all Corp computers using GPO.  If you don't know how I can show you step by step on how to.

 

Copper Contributor

I've enabled both registry settings, but the EnableADAL won't push from GPO.  As soon as I manually add the registry setting to the client computer it starts working.  Just not with GPO.  Any ideas?

image.png

Copper Contributor

Never mind.  I found that my GPO was linked to a computer OU.  I added a new policy with just the hkey_current_user key and linked it to the domain users group and it applied fine.

Copper Contributor

@Jeremy Friesen,

 

Cool that you got it working.  Could you describe your config?  Which OS are you using and are you using AADSync or ADFS?

 

Thanks,

Graham 

Copper Contributor
  1. Win 10 Pro 1703 and 1709 connected to a domain
  2. ADConnect running on a server to connect user's domain info to AzureAD with Office 365 Premium
  3. Client registry setting: HKCU\SOFTWARE\Microsoft\OneDrive\EnableADAL=1 (dword)
  4. Client registry setting: HKLM\SOFTWARE\Policies\Microsoft\OneDrive\SilentAccountConfig=1 (dword)    (Probably not needed with the group policy setting below, but I'm not positive.  One of the settings I left enabled because I didn't want to mess up what finally started working....)
  5. Download and install the latest OneDrive client
    1. After install you can find the latest OneDrive admx/adml group policy files on the client at %LocalAppData%\Microsoft\OneDrive\-build-version-\adm\OneDrive.admx
    2. Copy those files to your domain server.
  6. Group Policy Settings to enable in: Computer Config\Admin templates\OneDrive\
    1. Enable OneDrive Files On-Demand
    2. Silently configure OneDrive using the primary Windows account
    3. Optionally: The maximum size of a user's OneDrive for Business before they will be prompted to choose which folders are downloaded

I reimaged a test computer back to base 1703 Win 10 after getting this to work and the first, second, third time I logged in nothing happened.  I manually ran the OneDrive update tasks is Task Manager (mine had 3 tasks and I ran them all).  Then I rebooted and OneDrive fired up successfully.  I'd assume that step is just for impatient folks like me.

Sorry if I missed anything.

Copper Contributor

Thanks for taking the time to write that up :)

 

Oh well, that's basically identical to our config so God knows what the problem is.  I've tried various accounts and none of them automatically sign-in.

 

I did notice that the version of the OneDrive client appears to change depending on who is logged on.  If a new user logs on the version is always 17.3.6816.0313 and once the update task is run it's upgraded to 17.3.7076.1026 but when a new user logs in the version that appears in appwiz.cpl is the 17.3.6816.0313.  I suspect it doesn't make any difference either way.

Copper Contributor

Graham

As I understand - OneDrive is installed per user.  So each user MIGHT need to run that task before it would upgrade and auto configure would work.  Please check that info, though. 

There were a lot of improvements to the client between the two versions you listed.  You might be on to something according to these release notes.  https://support.office.com/en-us/article/New-OneDrive-sync-client-release-notes-845dcf18-f921-435e-b...

Copper Contributor

Hi Stephen,

 

I know that OnDemandFiles is not available for WS2012 R2 or WS2016 but is this setting: "DiskSpaceCheckThresholdMB"?

It would tremendously help in getting OneDrive 4 B deployed in the Enterprise....

 

Thanks for letting me know.

Copper Contributor

This Microsoft article is very helpful:

https://support.office.com/en-us/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0...

 

Please remember... the User's Information is not setup and configured on 'virgin' computers.  Thus, HKCU is not ready for the EnableADAL.reg settings in the specific registry for the User as they are signing into the workstation.

 

We have OneDrive setup to automatically install silently & automatically configure the User's information... below are the four registry entries exported that we pushed by GPO:

--- This one is required ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive]
"SilentAccountConfig"=dword:00000001

 

--- This one is required and specific to your organization ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList]
"8deb1d4d-d0a4-4d04-xxxx-f7076cbxxxxx"=""

 

--- This one is optional, it checks the disk space... currently set to 500GB ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB]
"8deb1d4d-d0a4-4d04-xxxx-f7076cbxxxxx"=dword:00500000

 

--- This one is the Most Important.  It creates the OneDriveADAL in the HKCU section of the registry ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveADAL"="powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden -Command \"& {Set-ItemProperty -Path HKCU:\\\\Software\\Microsoft\\OneDrive -Name EnableADAL -Type DWord -Value 00000001 -Force}\""

 

Please be aware that the exported keys are not typed exactly the same way as it is entered into the GPO Manager.  This is how the Most Important key is setup in the Computer Configuration section.

 

Hive: HKEY_LOCAL_MACHINE

Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value name: OneDriveADAL

Value Type: REG_SZ

Value data: powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden -Command "& {Set-ItemProperty -Path HKCU:\\Software\Microsoft\OneDrive -Name EnableADAL -Type DWord -Value '00000001' -Force}"

 

It took sometime to get this setup for our oganization.  We had been inquiring with our MS rep since September 2017... got the "Preview" in early October 2017... and had it operational by early November 2017.

 

I hope this helps all of you IT Enterprise Administrators!

Copper Contributor

So far I was able to get this working with manually setting the registry keys. Presumeably it should work when setting them by GPO just as @Alan Rocha mentions.

 

Environment:

  • Windows 10 1607
  • Domain joined PC and domain user account
  • Office 365 enterprise license
  • Hybrid AD
  • OneDrive 17.3.7076.1026 - previous versions do NOT work

Steps Followed:

  1. Set the SilentAccountConfig and EnableADAL keys
  2. Unlink the PC (in case OneDrive was previously configured)
  3. Close OneDrive
  4. Launch OneDrive (either from Start Menu or command line)
  5. You should see a grey OneDrive icon appear for a few seconds followed by a blue “up to date” icon. Then a ribbon should appear saying you are now syncing OneDrive...

The above steps worked the first time. However, once configured silently the first time, OneDrive will not silently configure again. This is because an additional DWORD [HKEY_Current_User\Software\Microsoft\OneDrive\SilentBusinessConfigCompleted] is set to "1". This DWORD will keep the silent config from working again on the same PC. So you will either need to set it to "0" or delete it.

Copper Contributor

Just confirming, this only works for Azure AD joined devices or domain joined? What about for Windows 10 BYOD that are AAD registered? Can we configure anything in Intune so policies could be applied and lets the user sign in automatically after registering and enrolling in MDM?

Copper Contributor

Hi everyone,

             I'm a classroom support technician working in Higher Ed.  I create a Windows 10 image for deployment to about a hundred classroom stations, and we're working on getting O365 and OneDrive for Business to silently license and configure themselves for each new user of our PCs.  We've had success with the Device Based Activation for O365, but the OneDrive For Business app is still being a real pain.  I keep coming back to this forum looking for more info - and thank you all so much for the fabulous detail in your posts so far!  I'm wondering today if we're all talking about OneDrive for Business, and not the OneDrive personal "modern app" that comes with Windows 10?  Several of you have mentioned OneDriveSetup.exe, and I noted the version requirement of at least 17.3.7076.1026 (thank you SO MUCH for that info), but as far as I can tell the OneDrive for Business app on our Start Menu, which comes bundled with O365, uses Groove.exe (16.0.9001.2138 as of Feb. 2018) found at C:\Program Files (x86)\Microsoft Office\root\Office2016\

             Even if I download the latest version of the OneDriveSetup.exe listed above I can't get silent configuration to work, but I wanted to make sure folks were aware of this difference between the executables.  Our setup is virtually identical to what Erica described above - domain PCs and user accounts, hybrid AD, etc.  Working with our Systems team now to try and determine if there is some Hybrid AD feature we still have yet to enable that might resolve this for us.

Copper Contributor

The entire Silent configuration here is a joke. AT BEST you can get it to sign the user in, but then the user has to select what files to sync. IF THE USER HAS TO ANYTHING, IT ISN'T SILENT.

 

Not to mention the blatent disregard for giving us the ability to specify document libraries we'd like to sync. Sure, let me just tell all my users to take time out of their day to navigate to a web portal, click a Sync button, and select folders. 

 

This whole thing is less than half baked and not even remotely ready for deployment at scale 

 

 

Copper Contributor

I don't know if this will help you Darren, but there's a GPO for setting the maximum size a OneDrive can be before prompting the user which folders to sync - setting it to 500,000MB (500GB) is the limit I think, and that should prevent the prompt from coming up.  There's another GPO to prevent users from changing the default OneDrive folder location on the PC (it defaults to the %USERPROFILE% folder, so like C:\BobSmith\OneDrive). Once the drive is synced users should be able to just copy their \Documents folder (or other libraries) to the OneDrive folder on their local PC if they want all that to sync, I would imagine.  I can't verify this as we have yet to get silent config working, but it might help you.  :)

Copper Contributor

Thanks Ryan, this helps but only slightly.

 

I'm mostly concerned with deployment the Document Libraries and at this time I cannot find a supported way to do this.

 

It appears that the data is stored in 2 places

%localappdata%\Microsoft\OneDrive\settings\Business1\<ScopeIdGuid>.ini 

 

and in the registry under

HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1\ScopeIdToMountPointPathCache 

REG_SZ <ScopeIdGuid> <Path to sync location>

 

It _looks_ like the values in the registry control the sync engine while the values in the <ScopeIdGuid>.ini control the Nav Pane in Windows Explorer.

 

However, Fiddlering the web requests, I cannot figure out how to get the <ScopeIdGuid> itself. It doesn't appear in any of the web requests.

 

The next best option would be to replicate what happens when the user clicks the Sync button on a document library. It uses the odopen:// protocol route with a bunch of parameters, meaning we could feasibly run Powershell as a logon script like this:

 

Start-Process "odopen://sync/?
userId=<UserGuid>
siteId=<SiteGuid>
webId=<WebGuid>
listId=<ListGuid>
userEmail=<upn>
webUrl=<url>
isSiteAdmin=0
onPrem=0"

The SiteId can be found programtically using 

$context = New-Object Microsoft.SharePoint.Client.ClientContext("https://tenant.sharepoint.com/teams/eric")
$context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($credential.UserName,$credential.Password)
$site = $context.Site
$context.Load($site)
$context.ExecuteQuery()
$site.Id

Courtesy of https://sharepoint.stackexchange.com/questions/192281/how-to-get-site-id-or-site-url-for-sharepoint-...

 

 

However at this moment I can't figure out how to programatically determine the WebId and ListId parameters. The call doesn't work without them.

Copper Contributor

Hey guys, I was confused about some of the prerequisites to get this working, and reached out to microsoft. Turns out you do need to be in an hybrid Azure AD environment for this to work. I don't know if anyone else was confused about that, but I sure was. Here is the email I received from Microsoft support abut getting this silent config set up:

 

 

Thank you contacting Microsoft,

I checked for the issue and below are few steps provided by our senior resources.

There are 3 points to this

First you have to prep your AD environment so that domain joined Windows 10 devices know where to look for your tenant. To do this I needed to create a Service Connection Point using the Initialize-ADSyncDomainJoinedComputerSync PowerShell on the AD Connect server.

https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devi...

Next you need to synchronise the OU or OUs that contain the devices you would like to auto register in Azure AD. I did this by modifying synchronization options in AD Connect. After it has synchronised the changes check Azure AD for the device, it should show as Hybrid Azure AD Joined.

Finally, you roll this out by setting Register domain joined computers as devices through GPO against the devices you are joining.

Restart your test device and log on with your domain credentials. To verify check the User Device Registration event log.

If the other settings that apply to OneDrive Silently Configure are in place the OneDrive client should now automatically log on.

However, there was one last thing I needed to do to get it working! As I had logged onto the machine before I made these changes I needed to reset a registry key, as Silently Configure will only try once. HKCU\Software\Microsoft\OneDrive\ClientEverSignedIn change from 1 to 0.

I hope you find this helpful, I had to learn all this by myself.

 

So it looks like Azure Connect has to be able to sync a list of windows 10 devices on your domain to Azure AD which then automatically registers those devices to your tenant which THEN allows you to automatically configure those devices OneDrive accounts because the devices has already been registered.

Copper Contributor

Please excuse my ignorance, but I'm looking to test silently configuring OneDrive for our Windows 7 domain joined system.  I realize this feature has been in preview for several months, but how does one acquire the updated ADMX and ADML files.  I'm currently running OneDrive NGSC v17.005.0107.0008 and the options are not present.

Copper Contributor

@Wesley Moreno

Thanks for the information, it looks like we have some extra config to do in that case as we are only using AD Connect to sync user accounts.  Could I just check something with you; Did your SCP GUID match that of your O365 Tennant ID?  Ours does not and I wonder if that might cause a problem.

 

Could anyone else confirm the requirement to sync machine accounts?

Copper Contributor

@Graham Riley

We just recently got our machine accounts to sync fully with AAD, and to do so we had to set up the issuance of claims on our AAD tenant per this documentation:  https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devi....   Once we got that final component up and running everything else fell into place.

Copper Contributor

Hello Stephen,

 

It's already been asked here but maybe there's progress - is silent SharePoint Sync yet possible?  My best path so far is providing the odopen://sync configured commands to users, because as far as I know there's now way to get that command to run silent with default selections.  Each user must still see the dialogs happen and respond to them, a fact universally despised by every IT Admin I have to sell on the whole O365 file system notion.  The response is uniform: How did Microsoft miss the need to make this an adminstrative function?

Copper Contributor

Has anyone had any success in a pure Azure AD environment? I'm planning on deploying about 100 laptops to students and would very much like to automate this process. 

Brass Contributor

Just successfully completed setting the silent configuration in a Windows 10 test environment and wanted to share.

 

Prerequisites:

1. Windows 10(at least with Anniversary update)  with OneDrive next gen sync client, hybrid Azure AD joined; (Should work with Windows 7 though I haven't tested)

2. Azure AD Connect is syncing domain user accounts to Azure AD(Or separate accounts but with same username and passwords)

 

Registry setting or Group policy configuration 

  1. HKEY_CURRENT_USER\Software\Microsoft\OneDrive\    

    Key: EnableADAL

    DWORD

    Value: 1

     

    HKEY_CURRENT_USER\Software\Microsoft\OneDrive\

    Key: ClientEverSignedInDWORD

    Value: 0

    This will be changed to 1 after OneDrive runs for the first time, regardless of whether the silent configuration succeeded or not. 

  2. Group Policy computer configuration -> Policies -> Administrative templates -> OneDrive
  • Silently configure OneDrive using primary Windows account: Enabled
  • Allow syncing OneDrive accounts for only specific organizations: Enabled 
  • The maximum size of a user's OneDrive folder before they will be prompted to choose which folders are downloaded: Enabled (Optional)

Be careful when you set the above group policy configurations though. If you are following this MS article , the second method (using Login-AzureRmAccountWILL NOT give you the correct Tenant ID. Find Tenant ID in your Azure AD portal instead.

Copper Contributor

For the people that have gotten this working, did the end users have to manually sign into Windows using their Work accounts or was it literally 100% silent?

Copper Contributor

@Darren Kattan- I'm confused by your question.  The policy setting is "silently configure OneDrive using primary Windows account", so by definition it uses whatever Windows credentials (presumably a work/domain account) the user signed into their PC with and passes them to AAD.  In order to configure the OneDrive client silently the user would necessarily have to *have* a OneDrive in the cloud, so the credentials used to sign into a PC and to OneDrive would, thus, have to be the same...  It doesn't provision a OneDrive for a user from scratch, it just passes their credentials through to AAD so they don't have to manually sign into the OneDrive client after they just logged into the PC.  I may be misunderstanding what you're asking, but generally my experience has been:

 

1. User signs into a computer using a domain account for the first time (or the first time after OneDrive and Group Policy have been setup)

2. After a minute or so the Explorer process restarts and maps the OneDrive folder, popping up a message explaining that the OneDrive client is being configured.

3. On subsequent logins the OneDrive is just there as usual, no muss, no fuss.

 

That being said, I did notice that sometimes directly after imaging a computer the first user to sign in might not trigger the OneDrive silent configuration process - whether that's because my Group Policy settings haven't fully been applied or what I'm not sure, but a reboot always sees the OneDrive client configure itself on the user's next login.

 

Hope this helps!

--R

Copper Contributor

@Ryan AdkinsMy experience is exactly the same as @Bruce S above. If the user hasn't taken the time to add their "Work Account" under Settings then OneDrive opens and asks for an email address. I'm just wondering if I'm doing something wrong, or if everyone here is conveniently glossing over this glaringly manual step.

 

 

Copper Contributor

Ah! I understand your question now @Darren Kattan, thank you. :)

 

In our environment we definitely do not have users sign into a computer and then manually link their Microsoft "Work Account" to it themselves.  Our PCs are bound to on-prem AD, but we have configured a Hybrid AAD environment per the link @Ivan Talboys posted in reply to Bruce above.  I don't know precisely how they did it, but our Systems team has things configured so that our regular on-prem domain accounts (user@ourschool.edu) and our AAD user accounts are the same.  I think at one point we had a different domain suffix, like: user@msmail.ourschool.edu for our AAD user accounts, but now the two are identical.  This allows the credentials to pass freely after PC login without having to manually connect the AAD account like you're describing.

 

The big hurdle for us was Step 2 here: "Setup the issuance of claims" - once we had that straightened out the OneDrive silent configuration worked like a charm.

Brass Contributor

@Darren KattanThey shouldn't need to add work accounts. Can you confirm that the machines are configured to be AAD hybrid-joined? 

Copper Contributor

01740 737602 

Copper Contributor

01740 737602 my bekas account 

Version history
Last update:
‎Oct 25 2017 12:30 PM
Updated by: