Shared devices are a common devices at Care and Cure customers, multiple users have to logon to the shared devices to do there administration. What we see is that these users have to upload documents to there Client dossiers or other applications. But because a shared device is commonly used for web only we had to create a solution to add the OneDrive sync client to these device.
This blog will explain how we created this possibility.
Situation OneDrive sync client
We are using self deploying shared device which do have the following settings to get all things working, Shared PC mode: Enable sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. one of these items are preventing the use of the OneDrive sync client.
Because we want to help the user in the care and cure to work as easy as possible to do their administrative work we are going to create a workaround to use the OneDrive sync client.
Enable OneDrive sync client
There are a few steps we have to take that get things working. we are going to create a new policy set based on a Setting Catalolog.
Create policy
Go to Endpoint management | Devices | Configuration profiles and click on + Create profile
Choose platform and Settings catalog and click on Create
The first setting we want to search for and set is MDM Wins Over GP to create the possibility to override the standard shared pc mode settings. The setting we need to choose is The MDM policy is used and the GP policy is blocked
The second settings is Disable One Drive File Sync and set it to Sync enabled.
Save this and set the assignment to the dynamic device group of you’re shared devices.
The needed steps are now ready for using the OneDrive sync client, but we want to help the users even more and create a policy to automatically signs-in and use the known folders functionality.
Create configuration for OneDrive know folders and auto signs-in
We are going to create yet another Setting catalog profile to achieve the OneDrive sync client to automatically sign-ins and uses the known folder configuration to sync these folders.
In the picture below our best practices are shown, but you can create you’re own for this. But there are 3 you probably would like to set.
First thing we have to do create the policy, go to Endpoint management | Devices | Configuration profiles and click on + Create profile.
Choose platform and Settings catalog and click on Create
Search for Silently move Windows known folders to OneDrive and fill in you’re Tenant id which can be found (most of the times it fill itself automatically) on Azure Active Directory, properties
Search for Disable the tutorial that appears at the end of OneDrive Setup (User) and set it to Enabled
And last but not least Silently sign in users to the OneDrive sync app with their Windows credentials to Enabled.
Conclusion
Because this is a workaround until all SaaS applications will be able to use Word Online as there main document provider we still need this solution. Because multiple user will logon to the shared device the drive will fill up easier so be sure to set the policy Disk level deletion. We are using this policy for a while now and we are getting a lot of positive feedback of our customers when we delivered this as a solution for uploading files.
[…] OneDrive sync client on a Shared device […]