Block Known Folder Move to OneDrive Using Intune: Step-by-Step Guide

By /

How to Prevent Users from Moving Known Folders to OneDrive with Intune

By default, Windows prompts users to back up their Desktop, Documents, and Pictures folders to OneDrive. In some organizations, you may want to keep those files on local drives for security, compliance, or storage management reasons. Microsoft Intune lets you block folder redirection so users can’t move their known folders into OneDrive. Here’s how to set it up.

Why Block Known Folder Moves?

When users redirect folders to OneDrive, they store files in the cloud automatically. That’s great for backup, but in certain environments you may need to:

  • Keep data on-premises

  • Prevent accidental sharing of sensitive files

  • Control storage costs

  • Enforce a consistent backup strategy

Blocking the move doesn’t undo any folders already synced. It simply prevents new migrations once the policy is in place.

Step-by-Step: Create the Policy in Intune

  1. Sign in to the Microsoft Intune admin center.

  2. Go to DevicesConfiguration profiles.

  3. Click + Create profile.

  4. Choose Platform: Windows 10 and later.

  5. Choose Profile type: Settings catalog.

  6. Click Create.

Define Basic Details

  1. On the Basics tab, enter a clear name, such as “Block Known Folder Move to OneDrive.”

  2. Add an optional description explaining the policy purpose.

  3. Click Next.

Select the OneDrive Setting

  1. On the Configuration settings tab, click + Add settings.

  2. In the picker, expand OneDrive.

  3. Find Prevent users from moving their Windows known folders to OneDrive.

  4. Toggle it to Enabled.

  5. Click Next.

Assign the Policy

  1. (Optional) Add Scope tags if you use them to filter policies.

  2. On the Assignments tab, click + Add groups under Included groups.

  3. Select the Azure AD group that contains the target devices (for example, “All Corporate PCs”).

  4. Click Next.

Review and Create

  1. On the Review + create tab, verify your settings.

  2. If everything looks right, click Create.

  3. You’ll see a success message when the policy is created.

Verify Deployment

  • It can take up to eight hours to apply.

  • In Intune, go to DevicesConfiguration profiles and check the policy’s Device check-in status.

  • On a client PC, open Event Viewer and navigate to Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostics-Provider → Admin. Look for Event ID 814 to confirm the setting applied.

Removing or Deleting the Policy

  • To remove a group assignment, edit the policy’s Assignments tab and click Remove under the included groups.

  • To delete the policy entirely, find it in Configuration profiles, click the three-dot menu, and choose Delete.

Blocking known folder moves ensures your critical data stays where you need it. With this policy in place, users won’t see the OneDrive folder protection prompt or be able to start protection manually. Intelli­gent use of Intune policies like this gives you tighter control over where your files live.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top