We’re Trying to force OneDrive to sync Desktop and Documents on our Macs using Jamf. machines aren’t domain-joined. They’re already signed into Outlook/Teams with their work accounts.Here’s what I’m trying to do: Auto sign users into OneDrive Turn on Known Folder Move (KFM) for Desktop/Documents Avoid macOS prompts asking for folder access What I’ve done so far: PPPC profile – I used the correct code signature from the OneDrive app (verified with codesign). Gave access to Desktop, Documents, and Downloads. But the profile fails to apply in Jamf with a status of “Failed”. Script – I’ve got a script that reads the signed-in email from Office apps and uses the odopen:// URL to trigger OneDrive login. It runs, but OneDrive either doesn’t sign in or doesn’t start syncing unless the user manually clicks through prompts. Where I'm stuck: PPPC profile won’t install, even though the code signature looks right. Even if OneDrive opens, syncing doesn’t start unless the user allows folder access manually. I want this to be completely silent, no user interaction. Anyone get this working with Jamf ? Not sure if I’m missing something in the PPPC or the script.Appreciate any advice. Thanks!

Solved

OneDrive KFM Auto-Setup Failing – PPPC Profile Not Working

Forum|Forum|4 months ago
July 28, 2025
5 replies
303 views

MoJo
New Contributor

We’re Trying to force OneDrive to sync Desktop and Documents on our Macs using Jamf. machines aren’t domain-joined. They’re already signed into Outlook/Teams with their work accounts.

Here’s what I’m trying to do:

Auto sign users into OneDrive
Turn on Known Folder Move (KFM) for Desktop/Documents
Avoid macOS prompts asking for folder access

What I’ve done so far:

PPPC profile – I used the correct code signature from the OneDrive app (verified with codesign). Gave access to Desktop, Documents, and Downloads. But the profile fails to apply in Jamf with a status of “Failed”.
Script – I’ve got a script that reads the signed-in email from Office apps and uses the odopen:// URL to trigger OneDrive login. It runs, but OneDrive either doesn’t sign in or doesn’t start syncing unless the user manually clicks through prompts.

Where I'm stuck:

PPPC profile won’t install, even though the code signature looks right.
Even if OneDrive opens, syncing doesn’t start unless the user allows folder access manually.
I want this to be completely silent, no user interaction.

Anyone get this working with Jamf ? Not sure if I’m missing something in the PPPC or the script.

Appreciate any advice. Thanks!

Best answer by MoJo

Got this working — turns out the issue was with folder-specific permissions (Desktop/Documents). Instead of trying to grant access to each one, I gave OneDrive full disk access using SystemPolicyAllFiles in the PPPC config.

MoJo
Author
New Contributor
Answer
Forum|Forum|4 months ago
July 28, 2025

drewcymek
Contributor
Forum|Forum|3 months ago
August 2, 2025

@MoJo Awesome job. Could you share the script that you used to auto-enabled the syncing?

MoJo
Author
New Contributor
Forum|Forum|3 months ago
August 2, 2025

@drewcymek

#!/bin/bash

# This script grabs the user's Office email by
# checking Outlook and Teams config folders.
# - Just pulls the first email it finds
# - User needs to have opened Outlook or Teams before
# - If there are multiple accounts, it grabs the first one

loggedInUser=$(stat -f "%Su" /dev/console)

outlookPath="/Users/$loggedInUser/Library/Group Containers/UBF8T346G9.Office/Outlook/Account Configuration"
teamsPath="/Users/$loggedInUser/Library/Group Containers/UBF8T346G9.Office/Teams/IdentityCache"

userEmail=""

# Check Outlook first
if [ -d "$outlookPath" ]; then
echo "Looking in Outlook config..."
userEmail=$(grep -E -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" "$outlookPath"/* 2>/dev/null | head -n1)
fi

# If not found, try Teams
if [ -z "$userEmail" ] && [ -d "$teamsPath" ]; then
echo "Looking in Teams cache..."
userEmail=$(grep -E -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" "$teamsPath"/* 2>/dev/null | head -n1)
fi

if [ -z "$userEmail" ]; then
echo "No email found for $loggedInUser. Exiting."
exit 1
fi

echo "Found email: $userEmail"

MoJo
Author
New Contributor
Forum|Forum|3 months ago
August 2, 2025

#!/bin/bash

# This script grabs the user's Office email by
# checking Outlook and Teams config folders.
# - Just pulls the first email it finds
# - User needs to have opened Outlook or Teams before
# - If there are multiple accounts, it grabs the first one

loggedInUser=$(stat -f "%Su" /dev/console)

outlookPath="/Users/$loggedInUser/Library/Group Containers/UBF8T346G9.Office/Outlook/Account Configuration"
teamsPath="/Users/$loggedInUser/Library/Group Containers/UBF8T346G9.Office/Teams/IdentityCache"

userEmail=""

# Check Outlook first
if [ -d "$outlookPath" ]; then
    echo "Looking in Outlook config..."
    userEmail=$(grep -E -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" "$outlookPath"/* 2>/dev/null | head -n1)
fi

# If not found, try Teams
if [ -z "$userEmail" ] && [ -d "$teamsPath" ]; then
    echo "Looking in Teams cache..."
    userEmail=$(grep -E -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" "$teamsPath"/* 2>/dev/null | head -n1)
fi

if [ -z "$userEmail" ]; then
    echo "No email found for $loggedInUser. Exiting."
    exit 1
fi

echo "Found email: $userEma

drewcymek
Contributor
Forum|Forum|3 months ago
August 3, 2025

Thanks for that. It seem the script only includes grabbing the user’s email. Is there an additional portion for these steps?

Turn on Known Folder Move (KFM) for Desktop/Documents
Avoid macOS prompts asking for folder access

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded