Following guide will describe how to configure OneDrive in combination with VMware UEM. With the granularity of making OneDrive only available for a specific group of users. Or depending on the use-case available for everyone.
UPDATE: I have written an update blog where I use the machine based Onedrive installer.
I would advise to use a product like FSLogix to redirect the OneDrive sync folder to a separate VHD(X), allowing for persistent caching of Office 365 data like Outlook, OneDrive,… in a roaming RDS/VDI environment.
More information on FSLogix O365 Containers can be found here.
Installation of OneDrive client
The installation of the OneDrive setup will be performed during the start of the user session by UEM. The “onedrivesetup.exe” will be placed in the base image on “C:\program files (x86)\Microsoft Office\” but any other location can also be chosen (network share). The installer can be downloaded here. The installation requires the necessary elevation, we will be using UEM Process Elevation.
Note: We will be using a OneDrive condition, ensuring only members of a certain group to have OneDrive initialized. Else all other users will get the OneDrive settings and folder redirections.
Configure the following settings: Startup installation + elevation:
Lockdown for non-OneDrive users
To make sure that OneDrive has been initialized and available for a specific group of users, we will use UEM application blocking. Depending on your use case, this step can be skipped.
Configure following application blocking entry:
Note: This configuration is pure for demo purposes. When using this in a live production environment, please note that the allow path should be more restrictive.
Configuration of OneDrive through UEM
This configuration is done when using RDSH (Windows Server OS) as there may be timing issues when using the VDI configuration.
In UEM, create a new environment variable setting using the condition set for the OneDrive user group. Use a variable like %OneDriveSync% that has the following value: %userprofile%\##your_company_onedrive_tennant_name##.
This to ensure an optimal working between Windows and OneDrive as the Windows %OneDrive% variable when used in Folder redirection does not work correctly. The %OneDriveSync% variable will be used in a GPO to configure the folder redirection as this cannot be done through UEM.
Additional configuration for OneDrive through GPO
Next create a GPO, this is required as the “quick access” menu does not get adjusted correctly by the OneDrive setup in combination with UEM. It will redirect to the default C:\users\%username%\ folder instead.
When configuring OneDrive for a VDI environment like using Windows 10, the necessary configuration does change a bit. First of all, the Onedrive installation needs to be done as a machine based installation. I have wrote a follow-up blog which you can find here: Configuring OneDrive with VMware UEM – Machine based
Make sure you disable all the built-in OneDrive scheduled tasks that are shipped with Windows 10 out of the box. Because these will still run in the user context and install the Onedrive installation in the user profile.
I suggest checking the base-image with a Microsoft Sysinternals tool called Autoruns. It’s a superb tool in keeping your image clean from auto processes and tasks that get run on startup / logon.
The OneDrive configuration in UEM is straight forward, create a folder redirection policy for the OneDrive user group.
Additional Policies – Microsoft Office
Finally, adjust or create your UEM ADMX policies that set all Microsoft Office configuration ( recovery location) and other applications to use OneDrive instead of the default folder redirection.
To ensure that, all data even the recovery files of Office are redirected to OneDrive. I have created an example where I have redirected all Office applications to Onedrive.
These settings should be the only out-of-the-box settings that need to be reconfigured when using a Default VDI/RDSH deployment with Office in combination with OneDrive.
With all mentioned configuration in place, Onedrive should now be fully enabled in your roaming VDI/RDS environment. The end-user will have all his data folder redirect to OneDrive or not (if he is not member of the Onedrive group).
This will give IT administrators more flexibly and methods in fulfilling needs like O365 that end-users have been used to at home, but still have the ability to manage the setup in a corporate environment. This will benefit the organization, allowing mobile users to have the benefits of OneDrive when roaming between a VDI/RDS solution at work and a corporate laptop when in the field.
Share and comment!
Configuring printers with user personalization through UEM? Click here to read more
26/06/19 – Added link to machine based installer blog
13/07/20 – Added Office GPO examples + RDSH/VDI config