OneDrive ADMX templates are a crucial tool for IT admins to manage and configure OneDrive settings for their organization. These templates allow admins to enforce company policies and settings, such as file sharing and synchronization, across the entire organization.
With OneDrive ADMX templates, admins can customize settings like file sharing, synchronization, and storage quotas for their users. This ensures that all users have a consistent OneDrive experience.
OneDrive ADMX templates can be downloaded from the Microsoft website and imported into the Group Policy Editor. This allows admins to easily configure and manage OneDrive settings for their organization.
By using OneDrive ADMX templates, IT admins can simplify the management of OneDrive settings and ensure that users are complying with company policies.
Group Policy Management
To manage OneDrive using Group Policy, you'll need to install the OneDrive sync app for Windows. This downloads the .adml and .admx files, which are essential for configuring OneDrive settings.
The OneDrive GPOs work by setting registry keys on the computers in your domain. If you later change a setting back to Not configured, the corresponding registry key isn't modified, so the change doesn't take effect and the previously written value remains.
You can verify the Administrative Template files in Group Policy Management Editor by starting Group Policy Management and editing the Default Domain Policy. Expand the folders Computer Configuration > Policies > Administrative Templates > OneDrive and User Configuration > Policies > Administrative Templates > OneDrive to verify the OneDrive GPO settings.
Enabling Offline Mode
By default, offline mode is turned on for users of OneDrive on the web. You can disable it for all users on the device by setting the DisableOfflineMode registry value to 1.
To re-enable offline mode, set the following registry key value to 0: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"DisableOfflineMode"=dword:00000000.
To prevent users from enabling offline mode in OneDrive on the web for libraries and folders shared from other organizations, set the following registry key value to 1: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"DisableOfflineModeForExternalLibraries"=dword:00000001.
You can re-enable offline mode for libraries and folders shared from other organizations by setting the registry key value to 0: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"DisableOfflineModeForExternalLibraries"=dword:00000000.
Silently Move Known
Silently moving known folders to OneDrive is a great way to keep your users' files organized and backed up. This setting is especially useful for large organizations with many users.
You can use this setting to redirect and move your users' Documents, Pictures, and/or Desktop folders to OneDrive without any user interaction. This is a recommended approach for existing devices and new devices, with a deployment limit of 1,000 devices a day and 4,000 devices a week.
To enable this setting, set the following registry string value to your tenant ID: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptIn"="1111-2222-3333-4444". Here "1111-2222-3333-4444" stands for the tenant ID.
If you want to display a notification to users after their folders have been redirected, you can set the following registry key value to 1: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptInWithNotification"=dword:00000001.
To specify which folders to move, you can set the following registry key values to 1:
- [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptInDesktop"=dword:00000001 (move the Desktop folder)
- [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptInDocuments"=dword:00000001 (move the Documents folder)
- [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"KFMSilentOptInPictures"=dword:00000001 (move the Pictures folder)
If you set any of these policies, the default policy will move all the folders (Desktop, Documents, and Pictures) into OneDrive.
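Because these settings live on as plain registry values, it is worth checking what a device actually holds. The following PowerShell is an added example, not code from this page or from Microsoft: it reports the offline mode and known folder move values named above and flags a KFMSilentOptIn value that does not match the tenant you expect. The function names and the sample data are constructed for illustration.

```powershell
# Added example, not Microsoft's code. Reports the policy values named on this page.
function Test-OneDrivePolicy {
    param(
        [hashtable]$Values,          # value name -> data read from the policy key
        [string]$ExpectedTenantId    # placeholder: supply your own tenant ID
    )
    # DWORD switches from the page, with what a value of 1 means.
    $switches = [ordered]@{
        DisableOfflineMode                     = 'offline mode disabled for all users on the device'
        DisableOfflineModeForExternalLibraries = 'offline mode blocked for libraries shared from other organizations'
        KFMSilentOptInWithNotification         = 'users are notified after folders are redirected'
        KFMSilentOptInDesktop                  = 'Desktop selected for silent move'
        KFMSilentOptInDocuments                = 'Documents selected for silent move'
        KFMSilentOptInPictures                 = 'Pictures selected for silent move'
    }
    foreach ($name in $switches.Keys) {
        if (-not $Values.ContainsKey($name)) { $state = 'not set' }
        elseif ($Values[$name] -eq 1)        { $state = $switches[$name] }
        else                                 { $state = "set to $($Values[$name])" }
        [pscustomobject]@{ Name = $name; State = $state }
    }
    # KFMSilentOptIn is a string holding the tenant ID, not a 0/1 switch.
    $kfm = $Values['KFMSilentOptIn']
    if (-not $kfm)                      { $state = 'not set' }
    elseif ($kfm -eq $ExpectedTenantId) { $state = 'silent move enabled for the expected tenant' }
    else                                { $state = "MISMATCH: points at tenant $kfm" }
    [pscustomobject]@{ Name = 'KFMSilentOptIn'; State = $state }
}

function Get-OneDrivePolicyValues {
    # Reads the live policy key; returns an empty table when the key is absent.
    $path  = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    $table = @{}
    if (Test-Path $path) {
        $key = Get-Item $path
        foreach ($n in $key.GetValueNames()) { $table[$n] = $key.GetValue($n) }
    }
    $table
}

# Constructed sample input so the check can be tried without touching the registry.
$sample = @{ DisableOfflineMode = 0; KFMSilentOptIn = '1111-2222-3333-4444'; KFMSilentOptInDesktop = 1 }
Test-OneDrivePolicy -Values $sample -ExpectedTenantId '1111-2222-3333-4444' | Format-Table -AutoSize
# On a managed device:
# Test-OneDrivePolicy -Values (Get-OneDrivePolicyValues) -ExpectedTenantId '<your-tenant-id>'
```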
Permission and Security
To set up OneDrive ADMX, you'll need to create a new group policy object (GPO) and link it to your domain. This will allow you to configure OneDrive settings for your organization.
The OneDrive ADMX template provides a range of security settings that can be configured through group policy. These include settings for syncing and sharing, as well as settings for managing OneDrive permissions.
OneDrive has built-in permissions that allow you to control what users can do with their OneDrive files. For example, you can configure OneDrive to require users to sign in with their organizational account to access their files.
Disable Permission Inheritance in Read-Only
Disabling permission inheritance in read-only folders can improve the performance of the OneDrive sync app. This setting is particularly useful for users who only need to view content in SharePoint.
The OneDrive sync app removes all inherited permissions within read-only folders when this setting is enabled. This doesn't change the user's permissions to view or edit content in SharePoint.
To enable this setting, administrators need to set the "PermitDisablePermissionInheritance" policy to 1 in the registry key HKLM\SOFTWARE\Policies\Microsoft\OneDrive. This policy doesn't apply to users who aren't syncing read-only content.
We recommend this setting for users who only need to view content in SharePoint, as it can improve the performance of the sync app.
Restrict Accounts to Specific Orgs
You can restrict OneDrive accounts to specific organizations by using the Allow syncing OneDrive accounts for only specific organizations setting.
This setting lets you specify a list of allowed tenant IDs, preventing users from easily uploading files to other organizations.
To enter a tenant ID, navigate to the Options box and select Show.
The setting takes priority over Block syncing OneDrive accounts for specific organizations, so don't enable both settings at the same time.
If you enable this setting, users will get an error if they attempt to add an account from an organization that isn't allowed.
If a user has already added the account, the files will stop syncing.
You can enter a tenant ID in the following format: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList] "1111-2222-3333-4444".
Note that "1111-2222-3333-4444" is the tenant ID.
The Allow syncing OneDrive accounts for only specific organizations setting is a useful tool for controlling file sharing and preventing unauthorized access.
However, be aware that this setting prevents users from adding accounts from organizations that aren't on the list, but it won't delete existing accounts.
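To confirm that a device's allow list matches what you intended, compare it with your approved tenants. This PowerShell is an added example, not code from this page or from Microsoft. It assumes each tenant ID is stored as a value name under the AllowTenantList key, as the format above suggests, and that the Block setting uses a sibling key named BlockTenantList, a name taken from Microsoft's policy reference rather than from this page. The function names and sample IDs are constructed.

```powershell
# Added example, not Microsoft's code. Compares the configured allow list with the approved one.
function Compare-TenantAllowList {
    param(
        [string[]]$Configured = @(),   # tenant IDs found under AllowTenantList
        [string[]]$Blocked    = @(),   # tenant IDs found under BlockTenantList
        [string[]]$Approved   = @()    # tenant IDs the organization intends to allow
    )
    [pscustomobject]@{
        # Entries on the device that nobody approved: policy drift or tampering.
        Unexpected  = @($Configured | Where-Object { $_ -and $_ -notin $Approved })
        # Approved tenants that would be refused on this device.
        Missing     = @($Approved | Where-Object { $_ -and $_ -notin $Configured })
        # The page advises against enabling the allow and block settings together.
        BothEnabled = ($Configured.Count -gt 0 -and $Blocked.Count -gt 0)
        # False means this setting places no restriction on the device.
        Restricted  = ($Configured.Count -gt 0)
    }
}

function Get-TenantList {
    param([string]$ListName)   # 'AllowTenantList' or 'BlockTenantList' (assumed key names)
    $path = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\$ListName"
    # Assumption: each tenant ID is a value name under the key.
    if (Test-Path $path) { (Get-Item $path).GetValueNames() | Where-Object { $_ } }
}

# Constructed sample: one approved tenant plus one entry that should not be there.
$approved = @('1111-2222-3333-4444')
$found    = @('1111-2222-3333-4444', '5555-6666-7777-8888')
Compare-TenantAllowList -Configured $found -Approved $approved | Format-List
# On a managed device:
# Compare-TenantAllowList -Configured @(Get-TenantList AllowTenantList) `
#     -Blocked @(Get-TenantList BlockTenantList) -Approved $approved
```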