Jamf Nation Community

sguzman1 · ‎09-08-2022

Hello All,

I was wondering if anyone here has been able to successfully implement OneDrive Known folder move?

We are trying to move user's Desktop and Documents folders to OneDrive, without any user interaction, we have tried to apply these settings using the Applications and Custom settings payload, we can see the CP in System preferences Profiles but nothing changes in Onedrive. Other settings like hide dock icon and open at login are successfully applied with the same CP.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>KFMBlockOptOut</key>
    <true/>
    <key>KFMOptInWithWizard</key>
    <string>xxxxxxxxx</string>
    <key>KFMSilentOptIn</key>
    <string>xxxxxxxxx</string>
    <key>HideDockIcon</key>
    <true/>
    <key>OpenAtLogin</key>
    <false/>
  </dict>
</plist>

Here is the sample of the plist created in the CP.

Thanks,

obi-k · ‎09-09-2022

Yeah, you're right @andrew_nicholas. Curious to know your guys' thoughts on this OneDrive redirect. Do you and your users like the experience?

View solution in original post

obi-k · ‎09-09-2022

What version of OneDrive are you using on the Mac? Once updated to the latest on the current channel, it worked for us.

Is your ORG migrated to M365? When you open OneDrive, did your users need to authenticate?

sguzman1 · ‎09-09-2022

On the testing machine we are on version 22.166.0807.

Yes we are on O365, when reopen Onedrive it did not ask to authenticate.

sguzman1 · ‎09-09-2022

Hi @obi-k so you are using an insider version? Is this why it is working for you?

Thanks,

obi-k · ‎09-09-2022

Yeah. Can you kick a Mac or two over for testing with this CP?

sguzman1 · ‎09-10-2022

Hello @obi-k yes it worked, I also had to add a PPPC to give OneDrive Full disk access, and it is working now.

Thanks for your help!

JamfTechHelp · ‎10-04-2022

@sguzman1 Could you please help me out with configuration screenshot ? i tried below settings but nothing worked.

@sguzman1 wrote:
Hello @obi-k yes it worked, I also had to add a PPPC to give OneDrive Full disk access, and it is working now.
Thanks for your help!

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0">

<dict> <key>KFMSilentOptIn</key>

<key>KFMSilentOptInDesktop</key>

<true/>

<key>KFMSilentOptInDocuments</key>

<true/>

<key>KFMSilentOptInWithNotification</key>

<true/>

</dict>

</plist>

sguzman1 · ‎10-06-2022

Hello,

I had to build 3 different CP:
Onedrive RedirectAdd devices to insiders ringOneDrive full disk access

andrew_nicholas · ‎09-09-2022

Is this in the general release ring yet? The below article makes it sound like it is still only available on the insiders release ring only, so unless that is what you are deploying I'm not sure it will work.

Redirect and move macOS known folders to OneDrive - OneDrive | Microsoft Docs

piotrr · ‎11-09-2022

It's a staged release. It was in insiders forever but it's slowly coming to Current.

CORRECTING MYSELF HERE: nope, it's still not in Current.

Frustratingly, not even all my own users are staged yet, so some work and some will have to wait. It doesn't hurt to send out the configuration and PPPC beforehand though - if PPPC is in place before OneDrive asks for it, you get that much fewer user interactions. :)

obi-k · ‎09-09-2022

Yeah, you're right @andrew_nicholas. Curious to know your guys' thoughts on this OneDrive redirect. Do you and your users like the experience?

markdmatthews · ‎01-12-2023

I have had zero luck getting the "Production" ring/tier to work in the com.microsoft.OneDriveUpdater.plist

Deferred and Insiders work as expected:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>EnableFasterRingUpdate</key>

<string>Production</string>

</dict>

</plist>

markdmatthews · ‎01-24-2023

Confirmed with MSFT Engineer Tier/Ring 'Production' does not work to enfore or limit access in com.microsoft.OneDriveUpdater.plist (like it does for Insider or Deffered)

pabohr · ‎01-25-2023

@markdmatthews, have you found a way to have the Macs on Production tier and have the "Get OneDrive Insider Preview updates" check-box disabled and greyed out?

markdmatthews · ‎01-25-2023

Configuration Profile > Application & Custom Settings > Upload
Preference Domain: com.microsoft.OneDriveUpdater
Property List:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>EnableFasterRingUpdate</key>

<string>Insiders</string>

</dict>

</plist>

andrew_nicholas · ‎09-09-2022

To be truthful, we don't generally permit the insider release. There are enough problems in the day without adding in 2 hours of troubleshooting only to remember that one user is on an essentially preview version of an app.

obi-k · ‎09-09-2022

I don't blame ya

TheHoff · ‎10-13-2022

Was wondering if this was working smoothly with anyones users. Thinking about implementing this as well for our users, but am quite new to Jamf and quite lost to be honest.

I have managed to get the Full Disk access sorted with PPPC, but am stuck with the whole plist thing. Like where does the <string> data supposed to come from, and how do I inject it to the machines. When I try to add a plist to my CP, it only allows me to add a JSON. Anyone?

sguzman1 · ‎10-13-2022

Hello @TheHoff

I used a schema that was posted on another JAMF Nation conversation. I have been trying to find the original post but I can't find it.
How to add it to Jamf? go to configuration profiles> Applications and custom settings> external applications> and then select custom schema and paste the entire text. It will allow you to select every option from a dropdown. I am sorry I can't find the link to the schema, maybe someone out here have it.

TheHoff · ‎10-13-2022

Thanks for your reply, I will also look around to see if I can find it.

TheHoff · ‎10-13-2022

I think I have found it: https://pastecode.io/s/34721iky. It came from this post: https://community.jamf.com/t5/jamf-pro/onedrive-configuration-profile/m-p/236630/highlight/true

And I have managed to update my CP. One thing I am not sure of though. I need to fill in the Application domain, and on all examples it states: com.microsoft.OneDriveUpdater. Is there a reason this particular file is targeted? I will test on monday if all works.

JamfTechHelp · ‎11-09-2022

When i have deployed KFMOptInWithWizard and KFMSilentOptIn only 1st time its working and revoke and tried again not working. Seems to be consistency is missing. Anyone comes across this issue ?

pabohr · ‎11-16-2022

I've noticed that on preview channel (22.227.1030), the Backup tab is available on both Intel and Apple Silicon Macs.

However, on the current channel (22.225.1026 ), Backup is available on Intel Macs but not on Apple Silicon ones.

On Intel:

On Apple Silicon M1:

Anyone else noticed the same? Or am I missing something?

pabohr · ‎11-16-2022

Edit to my post above

Even on Intel Macs, Backup tab is not consistently available on version 22.225.1026.

I erased an Intel Mac where Backup was available on 22.225 and set it up again. Now I don't see the Backup option anymore even though I am on the same OneDrive version.

Edit 2:

On my M1 Mac, Backup tab all of a sudden appeared and my OneDrive files appeared on the Desktop without any action from my part, and with OneDrive still being on version 22.225.

Honestly, I am totally lost...

TheHoff · ‎11-16-2022

Same here, I gave up for now and will have another look after the holidays. It is behaving way to erratic for us to roll out any time soon.

pabohr · ‎01-13-2023

Edit:

I had some clarification regarding the availability of this feature on a client computer after additional test s and a ticket opened with MS. The OneDrive version needs to be on 22.217.1016 and it needs to be on the Production or Insider ring. If OneDrive is on the Deferred ring, even if it is on 22.217 or higher the Backup tab will not be visible.

The only problem we still have is that MS cannot say how long it will take for the Backup tab to be available once you switch from Deferred to Production ring, and they cannot 100% confirm that all clients on Production ring will have this feature available as it is still "rolling out". We escalated this with MS and asked them to provide us with a reliable way of knowing which OneDrive client has this feature available.

pabohr · ‎11-16-2022

If you push the Configuration Profile to enable this AFTER OneDrive has already been setup and is being used, nothing seems to be happening unless the users quits OneDrive and starts it again.

Is this the expected behavior or is there a way to enable this without having to restart OneDrive?

markdmatthews · ‎01-12-2023

It appears to be expected behavior for existing installs that you need to quit and re-open OneDrive per https://learn.microsoft.com/en-us/sharepoint/deploy-and-configure-on-macos#kfmsilentoptin

pabohr · ‎01-13-2023

Thanks @markdmatthews. I overlooked the part about restarting OneDrive for the settings to be picked up. I also had Microsoft support confirm that.

JamfTechHelp · ‎01-23-2023

I have tried enabling OneDrive KFM on mac in the following way but results are not in the expected way.

1.Configuration Profile ( /Library/Managed\ Preferences/com.microsoft.OneDrive.plist ) - By this method, consistency is missing. By mistakenly if user unlink an account from OneDrive, cant able to enable back through profile again.

2.Scripts ( ~/Library/username/Preferences/com.microsoft.OneDrive.plist ) - if we manually run the command on terminal its working but through Jamf Scripting its not enabling ( image attached).

markdmatthews · ‎01-24-2023

That is expected behavior using 'defaults write' ... to enforce use a managed Plist (Configuration Profile) > Application & Custom Settings

pabohr · ‎01-25-2023

@markdmatthews, based on what @Jamftechelp wrote above and some testing I did, if the user manually stopped backing up the folders from OneDrive Preferences, we cannot re-enable it using the Configuration Profile.

To work around that we have pushed a configuration profile to all our Macs to block OneDrive KFM while it was still available only in Insiders, and once we enable it to a specific group of devices we block them from opting out. That way, they cannot enable or disable it manually by mistake.

markdmatthews · ‎01-24-2023

1. Add Configuration Profile > Privacy Preferences Policy Control
Identifier: com.microsoft.OneDrive
Identifier Type: Bundle ID
Code Requirement: identifier "com.microsoft.OneDrive" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
App or Service: SystemPolicyAllFiles Access: Allow

2. Configuration Profile > Application & Custom Settings
Preference Domain: com.microsoft.OneDrive
Property List:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableAutoConfig</key>
<integer>0</integer>
<key>DisablePersonalSync</key>
<true/>
<key>DisableTutorial</key>
<true/>
<key>OpenAtLogin</key>
<true/>
<key>KFMSilentOptIn</key>
<key>####</key>
<key>KFMSilentOptInDesktop</key>
<true/>
<key>KFMSilentOptInDocuments</key>
<true/>
<key>KFMSilentOptInWithNotification</key>
<false/>
<key>KFMBlockOptOut</key>
<true/>
<key>AllowTenantList</key>
<dict>
<key>####</key>
<true/>
</dict>
<key>BlockExternalSync</key>
<true/>
</dict>
</plist>

NOTE: IF attempting on a device with OneDrive already installed (in use) you will need to quit and re-open OneDrive.

mdcooledge · ‎10-06-2023

How to do you force OneDrive to quite and re-open? Policy, script? Any info would be greatly appreciated.

markdmatthews · ‎10-06-2023

#!/bin/sh

exec 2>&1

### Kill OneDrive application and sync process(es)
/usr/bin/killall OneDrive
/usr/bin/pgrep -x FinderSync | xargs kill -9

### Open OneDrive
open /Applications/OneDrive.app

stutz · ‎05-02-2023

Has anyone been successful with actually turning on the Backup Desktop and Documents feature automatically using a profile? I've used both KFMOptInWithWizard and KFMSilentOptIn settings and it doesn't turn on automatically. The user still has to click the "Start Backup" button.

pabohr · ‎05-02-2023

@stutz, we are using the KFMSilentOptIn key and it works for us. There are however two things we noticed:

1) Once you push the config profile with the KFMSilentOptIn key, OneDrive needs to be restarted.

2) If the user has manually disabled the Backup option prior to the admin pushing the config profile, the Backup feature will not start automatically even after a restart of the app, and the user will need to manually click on the "Start Backup". This has caused us headaches during the testing phase...

stutz · ‎05-03-2023

@pabohr thanks for confirming. Are you using any other KFM keys besides KFMSilentOptIn in your configuration?

pabohr · ‎05-03-2023

We have the following keys configured:

<key>HideDockIcon</key> <true/>

<key>KFMBlockOptOut</key> <true/>

<key>KFMSilentOptIn</key> <string>5*******-****-****-****-***********c</string>

<key>OpenAtLogin</key> <true/>

stutz · ‎05-03-2023

@pabohr perfect, thanks for your help.

Jamf Nation Community

OneDrive Known Folder move workflow