Sign in Subscribe
onedrive

Configure One Drive to Backup Automatically important folders via Intune

Dumitru Razvan

3 min read
Configure One Drive to Backup Automatically important folders via Intune

Introduction

If you are getting the following error / warning in Windows Defender Virus & threat protection "Set up OneDrive for file recovery options in case of a ransomware attack." and you want to solve it via Intune for all users:
image (40).png

Then you need to setup OneDrive to auto configure in your organization.

Configuration

Step 1: Create a Configuration Profile for OneDrive

Go to Intune: Microsoft Intune Admin Center

Navigate to Devices > Configuration profiles > Create profile

Select:
Platform: Windows 10 and later
Profile type: Settings Catalog
Click Create, then give the profile a name like Windows 10 - OneDrive AutoConfig

Step 2: Configure OneDrive

Click Add settings.
In the search bar, type OneDrive and select:

  • Silently move Windows known folders to OneDrive
  • Silently sign in users to OneDrive with their Windows credentials
  • Prevent users from moving their Windows known folders to OneDrive
  • Prevent users from redirecting their Windows known folders to their PC
  • Prevent users from synchronizing personal OneDrive accounts
  • Use OneDrive Files On-Demand
    Screenshot_244.png

Set the following values:

  • Silently move Windows known folders to OneDrive β†’ Enable
    Tenant ID: Enter your Microsoft Entra ID Tenant ID (Find it in Microsoft Entra Admin Center > Overview)
    πŸ”Ή What it does: Automatically moves Desktop, Documents, and Pictures folders to OneDrive without user interaction.
    πŸ”Ή Options:
    Enabled β†’ Moves folders silently. Requires Tenant ID.
    Disabled β†’ Users must manually enable backup.

  • Silently sign in users to OneDrive with their Windows credentials β†’ Enable
    πŸ”Ή What it does: Automatically signs users into OneDrive using their Entra ID (Azure AD) credentials.
    πŸ”Ή Options:
    Enabled β†’ No sign-in prompt; seamless experience.
    Disabled β†’ Users must manually sign in.

  • Prevent users from moving their Windows known folders to OneDrive β†’ Disable
    πŸ”Ή What it does: Controls whether users can move their Desktop, Documents, and Pictures to OneDrive.
    πŸ”Ή Options:
    Enabled β†’ Blocks users from moving folders to OneDrive.
    Disabled β†’ Allows users to move folders freely (needed for automatic backup).

  • Prevent users from redirecting their Windows known folders to their PC β†’ Enable
    πŸ”Ή What it does: Prevents users from removing their known folders from OneDrive and putting them back on their local PC.
    πŸ”Ή Options:
    Enabled β†’ Users cannot move folders back to their PC.
    Disabled β†’ Users can manually remove their OneDrive backup.

  • Prevent users from synchronizing personal OneDrive accounts β†’ Enable
    πŸ”Ή What it does: Restricts users from signing into personal OneDrive accounts (e.g., @outlook.com).
    πŸ”Ή Options:
    Enabled β†’ Only allows work/school accounts.
    Disabled β†’ Users can add personal accounts.

  • Use OneDrive Files On-Demand β†’ Enable
    πŸ”Ή What it does: Saves storage by keeping files in the cloud until they are accessed. Users see all files but only download them when needed.
    πŸ”Ή Options:
    Enabled β†’ Files are online by default, downloaded only when opened.
    Disabled β†’ All OneDrive files are downloaded and stored locally.

Screenshot_245.png

Click Next, assign the policy to your Test/Pilot group first, later to All Devices when confident it's working as expected (or a specific user/device group).

Click Create to apply the policy.

Step 3: Verify

  1. On a test device, sync or reboot the device and wait a bit
  2. Open OneDrive settings (Right-click OneDrive in the taskbar > Settings).
  3. Check if Desktop, Documents, and Pictures are backed up under the Backup tab.
  4. If successful, the Windows Defender warning / error for Virus & threat protection will disappear.

image (41).png
This setup automates OneDrive folder backup, ensuring ransomware recovery and compliance.

Conclusion

This is how you can setup OneDrive centrally from intune so that all your users are protected, and their well known folders (Documents, Pictures etc..) are backed up automatically in OneDrive. It also prevents them from syncing personal OneDrives and getting confused to which OneDrive they're syncing their data and also prevents corporate data exfiltration. This can help backup the Documents folder automatically in OneDrive, which is the most important thing. This greatly helps with device rebuilds, as user data will sync from OneDrive like magic. Hope you enjoyed the article, if you would like to know more, please subscribe below (it's free), and become a member where we have some premium pieces of content. And if you need help with configuring your tenant, migrating to the cloud or any other related topic, please feel free to reach out through the contact section.

Sign up for exclusive free content

Enter your email
Subscribe