If you’re looking at starting to use OneDrive for Business and you’re working with PCs joined to a local domain, you can now have a seamless sign-in experience for end users (note that the Group Policy setting for this is in preview according to the documentation).
From the client’s perspective, the “OneDrive for Business” name has been dropped. It’s just OneDrive now, even though the backend is OneDrive for Business as part of an Office 365 subscription.
You’ll need Windows 10 1709+ for this, as that’s the first version of Windows 10 that has OneDrive baked in. There’s no deployment of the app required then, so you won’t need to use or modify OneDrive for Business. The newer client has far fewer syncing issues too – if you’re not sure which one you’re using, check what executable is running. OneDrive.exe is the new client, whereas Groove.exe is the older one.
Since OneDrive is part of Windows 10 now, if you aren’t ready for this or don’t want it yet, you’ll need to use the Group Policy setting ‘Prevent the usage of OneDrive for file storage’, which is found in Computer Settings > Policies > Administrative Templates > Windows Components > OneDrive (note that this is different to the location of the new OneDrive policies mentioned above, which sit one level down, straight under Administrative Templates).
If you’re migrating from an existing install, then you’ll need to follow this process. Otherwise if you’re starting fresh, there’s a great guide here to go through.
The short version of these steps is:
- Windows 10 1709 already has OneDrive, so no deployment required.
- Get the ADML and ADMX Group Policy files and deploy them in your environment. Make sure they’re the latest ones too, which you should be able to get from any Windows 10 1709 PC in the path %localappdata%\Microsoft\OneDrive\BuildNumber\adm\
- Configure your Group Policies to the settings you want, but the one you’ll need for auto sign in is “Silently configure OneDrive using Windows 10 or domain credentials”. This setting should set the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive] “SilentAccountConfig”=dword:00000001. With this setting, there’s an extra registry setting to configure: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive] “EnableADAL”=dword:00000001 – This setting enables Modern Authentication for OneDrive.
That’s it!
After this is configured and you log on, the OneDrive client will automatically sign in as the logged on user – assuming you’re properly set up on the Azure AD and Office 365 side of things. There’s no prompt, no notification and users can start using it straight away at their convenience.
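A read-only check of the values described in the steps above, as an added example that is not part of the original post. The DisableFileSyncNGSC value (the registry value behind ‘Prevent the usage of OneDrive for file storage’) and the dsregcmd hybrid-join check are not from the post itself; the latter reflects the hybrid Azure AD join requirement raised in the comments below. The function names are hypothetical.

```powershell
# Added example: reports, without changing anything, whether the settings
# this post relies on are in place. Run as the logged-on user.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-OneDriveSilentSignIn {
    # "Silently configure OneDrive using Windows 10 or domain credentials"
    $silent  = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' 'SilentAccountConfig'
    # Modern Authentication for the sync client (per-user value)
    $adal    = Get-RegValue 'HKCU:\SOFTWARE\Microsoft\OneDrive' 'EnableADAL'
    # "Prevent the usage of OneDrive for file storage" (assumed value name, not on the page)
    $blocked = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive' 'DisableFileSyncNGSC'

    # OneDrive.exe is the new client; Groove.exe is the old one.
    $newClient = Get-Process -Name OneDrive -ErrorAction SilentlyContinue
    $oldClient = Get-Process -Name Groove   -ErrorAction SilentlyContinue

    # A hybrid Azure AD joined PC reports YES for both flags.
    $dsreg = (& dsregcmd.exe /status) -join "`n"

    $checks = [ordered]@{
        'SilentAccountConfig (HKLM policy) = 1' = ($silent -eq 1)
        'EnableADAL (HKCU) = 1'                 = ($adal -eq 1)
        'OneDrive not blocked by policy'        = ($blocked -ne 1)
        'OneDrive.exe running'                  = [bool]$newClient
        'Groove.exe not running'                = (-not $oldClient)
        'AzureAdJoined : YES'                   = ($dsreg -match 'AzureAdJoined\s*:\s*YES')
        'DomainJoined : YES'                    = ($dsreg -match 'DomainJoined\s*:\s*YES')
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

Test-OneDriveSilentSignIn | Format-Table -AutoSize
```

A failed row points at which piece to look at first: the GPO (HKLM value missing), the per-user registry setting, a leftover blocking policy, or device registration.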
Note that if you disabled OneDrive from running at first user login (usually via the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run with something like “C:\Windows\SysWOW64\OneDriveSetup.exe /silent”), you’ll need to retrigger the install. That /silent switch will make OneDrive install and sign in automatically with the above settings.
If you’re planning on moving users’ home drives to OneDrive, you’ll need to manually move the files or run a script like this to migrate the data – or find a paid solution.
Update 26th April 2019:
I had this broken for a while, and found many others that also had it broken. For me, after spending months with OneDrive for Business support, I ended up working out the Group Policy was corrupt in some way. Completely disabling the policy and creating a new one with the identical settings worked.
For context, I had one Group Policy object that disabled OneDrive. A second one, with a higher link order, was targeted at certain users and groups to enable OneDrive. That second one was somehow the problem – maybe an update to ADMX files broke it?
Anyway, re-doing that, and using the reg key to deploy OneDriveSetup.exe to run at login with the switch ‘/thfirstsetup’ was all that was needed, and it worked again.
If you’re having problems yourself with this, put a user and computer in an OU that has all policy inheritance disabled, create new GPOs and try to get it to work that way.
Hi Adam,
The engineer that built our Windows 10 image decided to uninstall OneDrive completely and we’re not in the position to recreate the image. I was hoping that we could create a registry entry using GPO where we put an entry with “C:\Windows\SysWOW64\OneDriveSetup.exe /Silent” under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce so that the next time a user logged in they would get OneDrive installed. However, in my testing with the /Silent the install never happens. If I remove /Silent, then the installation progress bar will show up and the client will be installed; but with /Silent nothing happens even after hours of waiting.
Any ideas?
Thanks,
Brian
Hi Brian,
Bit late in responding sorry, but I’m getting the exact same behavior. I’m wondering if something’s changed in a OneDrive update.
I worked out that it did seem to be installing, it was just not launching OneDrive or setting it to run at startup when the user logged in.
A workaround is to create the registry setting to launch OneDrive for the user, but that won’t apply until the second login and it seems to be clunky. Going to see if I can find anything better…
Hello Adam,
May I ask what you mean by ‘assuming you’re properly set up on the Azure AD and Office 365 side of things’? I’ve opened a case with Microsoft to get this working and according to them it’s not possible (sigh). Any info is greatly appreciated.
Thank you in advance for your feedback.
Koen Walraevens
IT- department
Artevelde University college
Belgium
Hi Koen,
It depends where you’re getting stuck – what stage are you at?
I’m also having an issue where the above doesn’t work anymore. I’m talking to the OneDrive team but haven’t got an answer yet, waiting for that so I can update this blog post.
My scenario now is it *almost* works but requires the one time manual launch of OneDrive.
Adam, we are seeing the same thing. Did you get a response from Microsoft on why the one time manual launch is required and how to get around it?
I’m still working on this with Microsoft, but they’ve been able to reproduce the issue – so that’s a good start. Will update when I have some sort of answer!
Did you manage a solution to this? I have Azure SSO configured, which works when logging into O365 via browser, however I can’t get OneDrive to auto sign in to the user’s account. The first time, I have to manually click “settings > Add account”, then the SSO kicks in and signs in. Does anyone have a way to remove that manual step of clicking add account?
Hello Adam,
Thanks for the swift reply! I’m stuck at the beginning actually. OneDrive starts automatically, registry keys are set (autologon & enableadal). But nothing happens when the user logs on; OneDrive starts but there is no autologon. I’ve noticed that when I add a Microsoft account to Windows 10 on my test PC, my test PC is registered in Azure with my username and then autologon works flawlessly. This behaviour leads me to assume that I have to ‘get’ my PC registered in Azure to resolve this issue. Am I on the right path? I should also mention, our PCs are registered in Active Directory (which will remain the central management tool) and we have azureconnect running to sync users.
My MS case has come to a halt, according to the latest feedback, there is no way to get this working. Which contradicts their own document where the registry keys are noted….
Greetings,
Koen
Hi Koen,
Yes you’re on the right path, is your PC set up for Azure AD Hybrid? Do you have other SSO/PTA stuff already set up and working? (check my blog for other posts around this!).
If you’ve progressed or fixed it, feel free to report back :)
Is Hybrid AAD one of the requirements then for OneDrive auto sign in? We have a looming hardware refresh with (seemingly) no plan for managing users’ locally saved data other than a document saying how to copy specific user profile folders to a flash drive.
Not wanting to be bit by this again, I am attempting to get an example up and running to test and hopefully implement in advance of the refresh. New OneDrive client is ready to go in SCCM and the GPO is configured but there is no activity from OneDrive.
Neal I think so – you’re going to want that for a bunch of reasons anyway. Turning on Hybrid AAD should have zero impact, I’ve got another blog post about that somewhere here :)
Hi Adam,
I did everything. But still OneDrive doesn’t sign in automatically. I have to type the email address. I need this.
I’m pushing OneDrive via SCCM. It’s installing but not signing in automatically. Do you have an idea for this problem? Thanks.
Just to clarify for people here. If you do not have Hybrid Azure device registration activated for your OU/Domain, auto sign-in will not work. It is a minimum requirement. It is easy to set up on the latest versions of ADConnect.
Hi Adam,
How did you get on with the Microsoft ticket? Are you able to provide an update if it’s possible to get OneDrive to login automatically on login to Windows? We moved to Seamless SSO from ADFS and this stopped working. We do have Hybrid Azure Device registration setup.
Thanks
Hi TheSyncJob,
I do have an update, I’ll write it in the main post now.
Thanks