Dell Support looked at it for a month and then escalated it to Microsoft Support who have had it for over a month. When we ask for an update they always say that it has been escalated to a senior resource.

The annoying thing is that Microsoft Support doesn't seem to have any more access to Microsoft documentation that I do. Initially they just Googled "OneDrive", "Sync", and "domain joined" and sent me links to whatever results they got. I said that I can Google too and if those documents had the answer I wouldn't have needed to open the ticket.

Yet someone at Microsoft knows what can and can't be done. Their documentation clearly states that they recognize the issue so they must have documentation somewhere. There are whole suites of tools out there that allow finding information in large amounts of structured and unstructured data. One would expect Microsoft would know something about that.

Did you ever fix this issue. currently facing the same problem

@JWat12 Yes I got the resolution for this. Usually for some organizations when OneDrive is implemented there is a Sync policy created on Sharepoint admin center talking about OneDrive sync to be allowed only on domain joined computers by providing its Active directory domain as a GUID. So if you are facing sync issue with error like "Sorry, OneDrive cant add your folder right now" on your Azure AD joined device then, follow these steps :

1. go to your Sharepoint admin center -> Settings ->OneDrive Sync and note down your domain GUID.

2. Login to affected device and go to registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\OneDrive

3. Under above key ,If AADJMachineDomainGuid keyname is not present then create it and provide your Domain GUID which you copied in step 1 as a value to this keyname. 

4. Close registry

 

Now try to launch OneDrive desktop app on your device again and see if its moving ahead now. (You can try reboot if required)

 

If you have multiple machines which are facing issues then create PowerShell script and deploy it from your MDM provider.

 

Regards,

Suraj Malusare

@JWat12 

 

The answer I got from Microsoft is that you need to have the devices AD joined or hybrid joined or you need to use Conditional Access Policies.

 

Rather than using the OneDrive Sync policy they said to use a different one. In the SharePoint Admin Center go to Policies, Access Control. The Unmanaged Devices policy allows you to block access for unmanaged devices. It defines unmanaged devices as ones that are either hybrid AD joined or Intune managed.

 

At first I thought this would work for us. All our AAD joined devices are Intune managed and it would be easy enough to hybrid join the rest. However, here is where Microsoft tries a scam. I doesn't say on the Unmanaged Devices Policy page but enabling this requires that every user the policy applies to needs to have an AAD P1 license. Of course there is a good chance that you won't realize that until a year later and MS comes back and asks for payment for all the licenses you need but they don't tell you. 

 

In our case, it would mean purchasing AAD P1 licenses for the 95% of our people who use computers that aren't AAD joined which doesn't make sense for us.