I was wondering if anyone here has been able to successfully implement OneDrive Known folder move?
We are trying to move user's Desktop and Documents folders to OneDrive, without any user interaction, we have tried to apply these settings using the Applications and Custom settings payload, we can see the CP in System preferences Profiles but nothing changes in Onedrive. Other settings like hide dock icon and open at login are successfully applied with the same CP.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KFMBlockOptOut</key> <true/> <key>KFMOptInWithWizard</key> <string>xxxxxxxxx</string> <key>KFMSilentOptIn</key> <string>xxxxxxxxx</string> <key>HideDockIcon</key> <true/> <key>OpenAtLogin</key> <false/> </dict> </plist>
Here is the sample of the plist created in the CP.
Solved! Go to Solution.
What version of OneDrive are you using on the Mac? Once updated to the latest on the current channel, it worked for us.
Is your ORG migrated to M365? When you open OneDrive, did your users need to authenticate?
@sguzman1 Could you please help me out with configuration screenshot ? i tried below settings but nothing worked.
Hello @obi-k yes it worked, I also had to add a PPPC to give OneDrive Full disk access, and it is working now.
Thanks for your help!
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0">
Is this in the general release ring yet? The below article makes it sound like it is still only available on the insiders release ring only, so unless that is what you are deploying I'm not sure it will work.
It's a staged release. It was in insiders forever but it's slowly coming to Current.
CORRECTING MYSELF HERE: nope, it's still not in Current.
Frustratingly, not even all my own users are staged yet, so some work and some will have to wait. It doesn't hurt to send out the configuration and PPPC beforehand though - if PPPC is in place before OneDrive asks for it, you get that much fewer user interactions. :)
I have had zero luck getting the "Production" ring/tier to work in the com.microsoft.OneDriveUpdater.plist
Deferred and Insiders work as expected:
Configuration Profile > Application & Custom Settings > Upload
Preference Domain: com.microsoft.OneDriveUpdater
Was wondering if this was working smoothly with anyones users. Thinking about implementing this as well for our users, but am quite new to Jamf and quite lost to be honest.
I have managed to get the Full Disk access sorted with PPPC, but am stuck with the whole plist thing. Like where does the <string> data supposed to come from, and how do I inject it to the machines. When I try to add a plist to my CP, it only allows me to add a JSON. Anyone?
I used a schema that was posted on another JAMF Nation conversation. I have been trying to find the original post but I can't find it.
How to add it to Jamf? go to configuration profiles> Applications and custom settings> external applications> and then select custom schema and paste the entire text. It will allow you to select every option from a dropdown. I am sorry I can't find the link to the schema, maybe someone out here have it.
I think I have found it: https://pastecode.io/s/34721iky. It came from this post: https://community.jamf.com/t5/jamf-pro/onedrive-configuration-profile/m-p/236630/highlight/true
And I have managed to update my CP. One thing I am not sure of though. I need to fill in the Application domain, and on all examples it states: com.microsoft.OneDriveUpdater. Is there a reason this particular file is targeted? I will test on monday if all works.
I've noticed that on preview channel (22.227.1030), the Backup tab is available on both Intel and Apple Silicon Macs.
However, on the current channel (22.225.1026 ), Backup is available on Intel Macs but not on Apple Silicon ones.
On Apple Silicon M1:
Anyone else noticed the same? Or am I missing something?
Edit to my post above
Even on Intel Macs, Backup tab is not consistently available on version 22.225.1026.
I erased an Intel Mac where Backup was available on 22.225 and set it up again. Now I don't see the Backup option anymore even though I am on the same OneDrive version.
On my M1 Mac, Backup tab all of a sudden appeared and my OneDrive files appeared on the Desktop without any action from my part, and with OneDrive still being on version 22.225.
Honestly, I am totally lost...
I had some clarification regarding the availability of this feature on a client computer after additional test s and a ticket opened with MS. The OneDrive version needs to be on 22.217.1016 and it needs to be on the Production or Insider ring. If OneDrive is on the Deferred ring, even if it is on 22.217 or higher the Backup tab will not be visible.
The only problem we still have is that MS cannot say how long it will take for the Backup tab to be available once you switch from Deferred to Production ring, and they cannot 100% confirm that all clients on Production ring will have this feature available as it is still "rolling out". We escalated this with MS and asked them to provide us with a reliable way of knowing which OneDrive client has this feature available.
If you push the Configuration Profile to enable this AFTER OneDrive has already been setup and is being used, nothing seems to be happening unless the users quits OneDrive and starts it again.
Is this the expected behavior or is there a way to enable this without having to restart OneDrive?
I have tried enabling OneDrive KFM on mac in the following way but results are not in the expected way.
1.Configuration Profile ( /Library/Managed\ Preferences/com.microsoft.OneDrive.plist ) - By this method, consistency is missing. By mistakenly if user unlink an account from OneDrive, cant able to enable back through profile again.
2.Scripts ( ~/Library/username/Preferences/com.microsoft.OneDrive.plist ) - if we manually run the command on terminal its working but through Jamf Scripting its not enabling ( image attached).
@markdmatthews, based on what @Jamftechelp wrote above and some testing I did, if the user manually stopped backing up the folders from OneDrive Preferences, we cannot re-enable it using the Configuration Profile.
To work around that we have pushed a configuration profile to all our Macs to block OneDrive KFM while it was still available only in Insiders, and once we enable it to a specific group of devices we block them from opting out. That way, they cannot enable or disable it manually by mistake.
1. Add Configuration Profile > Privacy Preferences Policy Control
Identifier Type: Bundle ID
Code Requirement: identifier "com.microsoft.OneDrive" and anchor apple generic and certificate 1[field.1.2.840.1136184.108.40.206.6] /* exists */ and certificate leaf[field.1.2.840.1136220.127.116.11.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
App or Service: SystemPolicyAllFiles Access: Allow
2. Configuration Profile > Application & Custom Settings
Preference Domain: com.microsoft.OneDrive
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
NOTE: IF attempting on a device with OneDrive already installed (in use) you will need to quit and re-open OneDrive.
Has anyone been successful with actually turning on the Backup Desktop and Documents feature automatically using a profile? I've used both KFMOptInWithWizard and KFMSilentOptIn settings and it doesn't turn on automatically. The user still has to click the "Start Backup" button.
@stutz, we are using the KFMSilentOptIn key and it works for us. There are however two things we noticed:
1) Once you push the config profile with the KFMSilentOptIn key, OneDrive needs to be restarted.
2) If the user has manually disabled the Backup option prior to the admin pushing the config profile, the Backup feature will not start automatically even after a restart of the app, and the user will need to manually click on the "Start Backup". This has caused us headaches during the testing phase...