Configuring OneDrive with VMware UEM

Horizon OneDrive Configuration Guide

Following guide will describe how to configure OneDrive in combination with VMware UEM. With the granularity of making OneDrive only available for a specific group of users. Or depending on the use-case available for everyone.

I would advise to use a product like FSLogix to redirect the OneDrive sync folder to a separate VHD(X), allowing for persistent caching of Office 365 data like Outlook, OneDrive,… in a roaming RDS/VDI environment. 
More information on FSLogix O365 Containers can be found here

Installation of OneDrive client

The installation of the OneDrive setup will be performed during the start of the user session by UEM. The “onedrivesetup.exe” will be placed in the base image on “C:\program files (x86)\Microsoft Office\” but any other location can also be chosen (network share). The installer can be downloaded here. The installation requires the necessary elevation, we will be using UEM Process Elevation.

Note: We will be using a OneDrive condition, ensuring only members of a certain group to have OneDrive initialized. Else all other users will get the OneDrive settings and folder redirections.

Configure the following settings: Startup installation + elevation:

UEM Privilege Elevation UEM OneDrive Shortcut configuration

Lockdown for non-OneDrive users

To make sure that OneDrive has been initialized and available for a specific group of users, we will use UEM application blocking. Depending on your use case, this step can be skipped.

Configure following application blocking entry:

UEM application blocking

Note: This configuration is pure for demo purposes. When using this in a live production environment, please note that the allow path should be more restrictive.  

Configuration of OneDrive through UEM

In UEM create a new environment variable setting using the condition set for the OneDrive user group. Use a variable like %OneDriveSync% that has the following value: %userprofile%\##your_company_onedrive_tennant_name##

UEM Enviroment variable

This to ensure an optimal working between Windows and OneDrive as the Windows %OneDrive% variable when used in Folder redirection does not work correctly.  The %OneDriveSync% variable will be used in a GPO to configure the folder redirection as this cannot be done through UEM.

 

 

 

 

 

Additional configuration for OneDrive through GPO

Next create a GPO, this is required as the “quick access” menu does not get adjusted correctly by the OneDrive setup in combination with UEM. It will redirect to the default C:\users\%username%\ folder instead.

OneDrive GPO configuration

Finally create a different UEM ADMX policy that sets all Microsoft Office configuration ( recovery location) and other applications to use OneDrive instead of the default folder redirection.

Conclusion

With all mentioned configuration in place, Onedrive should now be fully enabled in your roaming VDI/RDS environment. The end-user will have all his data folder redirect to OneDrive or not (if he is not member of the Onedrive group).

This will give IT administrators more flexibly and methods in fulfilling needs like O365 that end-users have been used to at home, but still have the ability to manage the setup in a corporate environment. This will benefit the organization, allowing mobile users to have the benefits of OneDrive when roaming between a VDI/RDS solution at work and a corporate laptop when in the field. 

Share and comment!

Configuring printers with user personalization through UEM? Click here to read more

Leave a Reply

Your email address will not be published. Required fields are marked *