- Automation for Active Directory, Microsoft 365, and Google Workspace with ManageEngine ADManager Plus - Tue, Sep 20 2022
- New features in Windows 11 22H2 for professional users - Tue, Sep 13 2022
- Recover Active Directory domain controllers with nonauthoritative restore - Wed, Sep 7 2022
As a reaction to outdated onboard Windows tools, several products for enterprise file synchronization have come onto the market, such as Dropbox and Nextcloud. Microsoft itself made a halfhearted attempt to offer an on-prem solution for this purpose with Work Folders. In the meantime, the manufacturer has shifted its focus toward the cloud.
Microsoft Office 365 makes use of OneDrive for Business, allowing organizations to provide cloud-based storage for end users. It also enables them to redirect and move the familiar folders, including the Desktop, Documents, Pictures, Screenshots, and Camera Roll folders, to OneDrive.
The process of redirecting and moving these folders to OneDrive for Business is called Known Folder Move (KFM). It provides benefits to both the business and end users, including the following:
- It maintains user familiarity with file locations—This is a crucial benefit that helps to minimize the support burden of introducing a disruptive change to end-user processes and workflows.
- Files placed in OneDrive for Business ensure the data is located in the cloud, allowing file access from any device—The hybrid workforce requires access to files and data from anywhere and any device. Connectivity to the Internet is all users need to benefit from files located in OneDrive for Business.
- Provides access to the file versioning and deleted items capabilities—OneDrive for Business has protective features built into the platform that allow users to perform self-service file recovery using file versioning and the deleted items functionality.
- It provides IT admins with the tools to control KFM capabilities—IT admins can use Group Policy, Microsoft Intune Administrative Templates, or registry keys to control the behavior of KFM for users.
Hurdles to transitioning to OneDrive for Business using KFM ^
A hurdle for many businesses will be the effort required to transition from traditional on-premises technologies used to handle end user file storage to the redirected OneDrive for Business location. It will require a bit of a transition period for organizations currently using technologies such as Folder Redirection, Offline Files (client-side caching, or CSC), and Roaming User Profiles.
Enterprises commonly use these traditional technologies to solve the challenges of access to user files and to provide a way to protect user files from data loss. However, organizations will need to "undo" existing policies that implement Folder Redirection to transition over to KFM policies. Note the following scenarios:
Folders have already been redirected to OneDrive using a Folder Redirection Group Policy.
- Disable the Folder Redirection Group Policy. Be sure to leave the folder and contents on OneDrive.
- Enable the KFM Group Policy. Leave known folders in OneDrive.
Folders have been redirected to a location on a local PC.
- Disable the Folder Redirection Group Policy and leave the folder and contents at the redirected location.
- Enable the KFM Group Policy, which moves known folders to OneDrive.
Folders have been redirected to a network file share.
- Admins need to copy the user files from the network file share to the Known Folder location on OneDrive.
- The file contents need to go into the existing Documents, Pictures, or Desktop folders.
- Disable the Folder Redirection Group Policy.
- Leave the folder and contents on the network file share.
- Enable the KFM Group Policy, which moves known folders to OneDrive.
- These will merge with the existing Desktop, Documents, and Pictures folders, which contain the file share content moved in Step 1.
Manage KFM settings with Group Policy ^
First, let's see how you can manage the KFM settings with Group Policy. For this purpose, you need to install the OneDrive policy templates in your Active Directory Policy Definitions Central Store. You can find the .admx and .adml files you need on a Windows client using the OneDrive sync app. The screenshot below is from a Windows 11 client. The path is found in the %localappdata%\Microsoft\OneDrive\BuildNumber\adm\ folder.
Paste the files into the Policy Definition Central Store on your domain controller at \\<domain>\sysvol\<domain>\Policies\PolicyDefinitions. When you refresh your administrative templates, you should see the OneDrive node appear.
There are a few Group Policy settings to take note of with KFM in Group Policy. These allow configuring more user-involved, voluntary file relocations, or mandatory, silent moves, including:
- Prompt users to move Windows known folders to OneDrive—If you enable this setting and provide your tenant ID, users who are syncing their OneDrive will see the "Your IT department wants you to protect your important folders" window when they're signed in. If they close the window, a reminder notification will appear in the activity center until they move all three known folders. If a user has already redirected their known folders to a different OneDrive account, they will be prompted to direct the folders to the account for your organization (leaving existing files behind).
- Silently move Windows known folders to OneDrive—This setting lets you redirect known folders to OneDrive without any user interaction. If you enable this setting and provide your tenant ID, you can choose whether to display a notification to users after their folders have been redirected.
- Prevent users from redirecting their Windows known folders to their PC—This setting forces users to keep their Documents, Pictures, and Desktop folders directed to OneDrive. If you enable this setting, the "Stop protecting" button in the "Your IT department wants you to protect your important folders" window will be disabled, and users will receive an error if they try to stop syncing a known folder.
- Prevent users from moving their Windows known folders to OneDrive—If you enable this setting, users won't be prompted with the "Set up protection of important folders" window, and the "Start protection" command will be disabled. If the user has already moved their known folders, the files in those folders will remain in OneDrive.
Microsoft Intune configuration profiles provide similar configuration settings for KFM using OneDrive for Business.
Wrapping up ^
The process of migrating files to OneDrive for Business with Known Folder Move is an easy way to house and protect user files in the cloud. It is implemented using Group Policy, Microsoft Intune, or direct registry modification on end user clients.
Subscribe to 4sysops newsletter!
The main challenge with implementation will be transitioning from legacy technologies, such as Folder Redirection, to the Known Folder Move process.