Hi
The key you've mentioned is correct for starting onedrive at log in. From my experience yes a user needs to have signed in at least once for it to put the icon in the menu bar. Just want to confirm as well, which preference domain have you specified? Should be com.microsoft.OneDrive for Standalone or com.microsoft.OneDrive-mac for Mac App Store variant.
This is essentially what our PLIST looks like with preference domain com.microsoft.OneDrive :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableHydrationToast</key>
<false/>
<key>DisablePersonalSync</key>
<true/>
<key>DisableTutorial</key>
<true/>
<key>DownloadBandwidthLimited</key>
<integer>50000</integer>
<key>EnableAllOcsiClients</key>
<true/>
<key>FilesOnDemandEnabled</key>
<true/>
<key>HideDockIcon</key>
<false/>
<key>OpenAtLogin</key>
<true/>
</dict>
</plist>
I worked on it yesterday.
You do need to open and sign-in once (we use Jamf Connect) so hoped it would pickup those credentials..
Then it basically works.
I worked on it yesterday.
You do need to open and sign-in once (we use Jamf Connect) so hoped it would pickup those credentials..
Then it basically works.
Glad to hear this is working for you.
Possibly the Microsoft Company portal with SSO plug in might give you more like the experience you are expecting/hoping for (assuming Azure AD Authentication)? It is in preview at the moment and has a few caveats. More information here:
Microsoft Enterprise SSO plug-in for Apple devices - Microsoft Entra | Microsoft Docs
Microsoft Enterprise SSO plug-in in Microsoft Intune | Microsoft Docs
Glad to hear this is working for you.
Possibly the Microsoft Company portal with SSO plug in might give you more like the experience you are expecting/hoping for (assuming Azure AD Authentication)? It is in preview at the moment and has a few caveats. More information here:
Microsoft Enterprise SSO plug-in for Apple devices - Microsoft Entra | Microsoft Docs
Microsoft Enterprise SSO plug-in in Microsoft Intune | Microsoft Docs
Thanks for that information AntMac.
When reading the articles (only read the first part 
) it seems like it only works if the machine is enrolled into Intune.
We solely use Jamf for our macbooks. Intune is only configured for our Windows systems.
Dual management (Jamf and Intune) on one computer sounds far from ideal
Thanks for that information AntMac.
When reading the articles (only read the first part ) it seems like it only works if the machine is enrolled into Intune.
We solely use Jamf for our macbooks. Intune is only configured for our Windows systems.
Dual management (Jamf and Intune) on one computer sounds far from ideal
maybe i'm wrong
https://learn.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#manual-configuration-for-other-mdm-services
My understanding is you can still use the SSO functionality without requiring intune registration using Single Sign on Extension payload set at user level and deployed from JAMF Pro. Would still need to have company portal installed to parse the SSO per Microsoft preview requirements. Just company portal does not auto install if not intune managed or co-managed. Payload information here: ExtensibleSingleSignOn | Apple Developer Documentation
More than happy to be corrected if I'm wrong on the above. We have not implemented this one ourselves but is something on the "to it" list.
Intune joint registration with JAMF Pro as MDM is pretty common for companies that want/need to use conditional access.
