Check this out, that will do what you want https://learn.microsoft.com/en-us/sharepoint/deploy-and-configure-on-macos. There’s also a json schema here https://github.com/Jamf-Custom-Profile-Schemas/ProfileManifestsMirror/blob/main/manifests/ManagedPreferencesApplications/com.microsoft.OneDrive.json

Thanks! I’ve actually already got a configuration profile to enable KFMSilentOptIn and a few other things that we’ve been using for a while now with new Mac deployments, but wanted to create some inventory data for what’s actually going on in our entire fleet.

Where was this 2 months ago? lol. I had to make a very similar EA and Microsoft's documentation on this is nonexistent. Honestly the entire onedrive KFM experience is pretty bad.

A few of my biggest complaints. 

• Even with KFM on users must acknowledge a prompt to start the sync.
• With KFM enabled if you uninstall OneDrive it breaks the symbolic links for ~/Documents and ~/Desktop.
• With KFM enabled, you cant drag and drop to your desktop or documents using finder shortcuts. 

If you use KFMSilentOptIn, it shouldn’t require them to acknowledge a prompt, but it has to wait for the OneDrive app to quit and re-open before the app can read the plist file and make the change. However, it seems like if the user has ever manually modified the redirection settings manually that it simply will not enforce the redirection. The cleanest approach is definitely to set this up from the get-go when provisioning a new Mac.

​@john_sherrod 

You still get a dialog that “Onedrive.app would like to start syncing.” If the user clicks do not allow, it takes them back one step with the only option being to click next which brings the popup up again, but the user can close the window instead of clicking next leaving onedrive in an errored state.

Huh. Even if you give it SystemPolicyAllFiles as well as Desktop and Documents in a PPPC setting? I don’t recall seeing that at all in my testing yesterday.

I wasn’t quite satisfied with this, so I added some logic to the extension attribute script to check to see if the user has enabled iCloud Desktop and Documents folder sync and report on that if so. 

#!/bin/bash

# Extension Attribute to check if Desktop and Documents are syncing with OneDrive (KFM) or iCloud
# Author: John Williams Sherrod jwsherrod@mac.com
# Version 2.0, Date: 08-29-2025

# Get the currently logged-in user:
loggedInUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')

# Check if a user is logged in:
if i -z "$loggedInUser" ]; then
    echo "<result>Error: No logged-in user found</result>"
    exit 1
fi

# Get the user's home folder path:
homeFolder="/Users/$loggedInUser"

# Verify the home folder exists:
if i ! -d "$homeFolder" ]; then
    echo "<result>Error: Home directory $homeFolder not found for user $loggedInUser</result>"
    exit 1
fi

# Expected default locations for Desktop and Documents:
DEFAULT_DESKTOP="$homeFolder/Desktop"
DEFAULT_DOCUMENTS="$homeFolder/Documents"

# Resolve the actual paths of Desktop and Documents (follows symlinks if redirected):
DESKTOP_PATH=$(readlink -f "$homeFolder/Desktop" 2>/dev/null || echo "$DEFAULT_DESKTOP")
DOCUMENTS_PATH=$(readlink -f "$homeFolder/Documents" 2>/dev/null || echo "$DEFAULT_DOCUMENTS")

# Check for iCloud Desktop and Documents syncing via plist:
ICLOUD_PLIST="$homeFolder/Library/Preferences/com.apple.finder.plist"
ICLOUD_ENABLED=$(/usr/bin/defaults read "$ICLOUD_PLIST" FXICloudDriveDesktop 2>/dev/null)

# Check if paths are redirected to OneDrive or iCloud:
if if "$DESKTOP_PATH" == *"/OneDrive"* && "$DOCUMENTS_PATH" == *"/OneDrive"* ]]; then
    echo "<result>Enabled</result>"
elif if "$DESKTOP_PATH" == *"/OneDrive"* || "$DOCUMENTS_PATH" == *"/OneDrive"* ]]; then
    echo "<result>Partial</result>"
elif if "$ICLOUD_ENABLED" == "1" ]]; then
    echo "<result>Desktop and Documents are Synced to iCloud</result>"
else
    echo "<result>Disabled</result>"
fi

exit 0