In enterprise environments for many years we have managed user data through solutions such as Folder Redirection and Roaming Profiles.
These methods, when properly implemented, have proven to be very effective, allowing users to access their data from any computer in the corporate network. In some cases, these solutions have even been a compelling choice, both to promote mobility and to facilitate more streamlined and centralized backup management.
However, with the rise of cloud computing and the almost universal adoption of Microsoft 365, we now have an additional and in some cases preferable option available: OneDrive Known Folder Move (KFM).
OneDrive KFM - what it is
KFM (Known Folder Move) allows us to move our most important user folders - such as Documents, Images, and Desktops - directly to OneDrive.
This means that files are not only automatically saved to the cloud, but are also backed up protected and easily retrievable in case of hardware or software problems. In addition, access to files becomes possible from any device, at any time, as long as there is an Internet connection.
Configuring OneDrive KFM via Group Policy - The Official Setup
First, let’s make sure we have the updated OneDrive Administrative Templates, we can find them on any pc where the OneDrive client is installed in one of the following locations depending on the type of installation:
%localappdata%\Microsoft\OneDrive\<BuildNumber>\adm\%programfiles%\Microsoft OneDrive\<BuildNumber>\adm\
Copy the .admx and .adml files on domain controller in \\<domain>\sysvol\<domain>\Policies\PolicyDefinitions\ and proceed to configure policies in Computer Configuration.
The items we are interested in, along with the recommended setup, are these:
- Prompt users to move Windows known folders to OneDrive
Enabled- Shows a window that prompts users to move their Documents, Pictures, and Desktop folders to OneDrive (If moving the known folders silently doesn’t succeed, users are prompted to correct the error and continue) - Silently move Windows known folders to OneDrive
Enabled- Redirect and move your users’ Documents, Pictures, and/or Desktop folders to OneDrive without any user interaction - Prevent users from redirecting their Windows known folders to their PC
Enabled- Forces users to keep their Documents, Pictures, and Desktop folders directed to OneDrive - Prevent users from moving their Windows known folders to OneDrive
Not configured- This setting doesn’t take effect if you’ve enabled Prompt users to move Windows known folders to OneDrive or Silently move Windows known folders to OneDrive
Redirect of all user folders on OneDrive
OneDrive KFM officially supports only Documents, Pictures and Desktop folders. In fact, Microsoft is keen to point out that
Extending the scope of folders that are synced by One Drive using Windows Folder Redirection Group Policy is not supported [ ref]
If, however, it is a requirement to redirect other user folders as well, such as Videos, Music or other folders, we can still do it with a few simple tricks, let’s see what they are.
First, to avoid any kind of conflict, set the KFM policies like this:
- Prompt users to move Windows known folders to OneDrive
Disabled - Silently move Windows known folders to OneDrive
Not configured - Prevent users from redirecting their Windows known folders to their PC
Enabled - Prevent users from moving their Windows known folders to OneDrive
Enabled
Then force the path to the OneDrive folder in the policies under User Configuration:
- Set the default location for the OneDrive folder
Disabled- The default location of the OneDrive - {organization name} folder will be in %userprofile% - Prevent users from changing the location of their OneDrive folder
Enabled- Specify the tenant ID and set to 1
As a final step we set up a standard Folder Redirection policy using a small workaround: it is a condition that the Root Path must be a valid UNC (Universal Naming Convention) path, otherwise the policy will not be accepted or displayed correctly.
Therefore, to indicate a local path, we must enter this notation in the Root Path
\\?\%USERPROFILE%\OneDrive - <organization_name>\<folder_name>
NOTE: You can go ahead and set Folder Redirection for all folders BUT AppData Folder Redirection is a bad idea ALWAYS, regardless of OneDrive, DON’T DO IT!
The final user-side result will look like this in the picture where, surprisingly, OneDrive seems to support Video and Music folders redirection as well!
