OneDrive Silent Configuration Expectation and Troubleshooting

shockoMS 276 Reputation points
2023-11-18T18:28:14.2333333+00:00

I'm using OneDrive for Business and the Sync app (latest and on production ring) on Windows 10 22H2 Enterprise machines. They are all HAADJ (Hybrid AzureAD Joined). As part of our Pilot group, users have been giving us feedback on their experience, and one thing that has come up across the board is the following:

  • On first launch of the sync app the users must supply their e-mail address/password and MFA to set up

Since the system is Hybrid joined we thought that silent configuration would be possible, so we configured the required group policies as per this guide. However, new users that have this policy applied to their machines still report the same experience.

So this raises several questions:

  1. What is the expected experience with OneDrive silent configuration? If MFA is enabled is it just an MFA prompt?
  2. Is this supported on HAADJ machines (documents state it is)?
  3. How to troubleshoot this?

Accepted answer
  1. Jiajing Hua-MFST 6,260 Reputation points Microsoft Vendor
    2023-11-20T06:45:52.4466667+00:00

    Hi @shockoMS

    1. If OneDrive uses the Windows Primary Account to sign in automatically without user interaction, SilentAccountConfig works correctly.

    But if you have enabled MFA, then it won't work. The following image is from "Enable silent configuration" part.


    2. According to "Prerequisites", Hybrid AzureAD (Microsoft Entra hybrid) joined devices are supported.


    3. Please make sure the MFA is disabled first, then follow the steps of "Verify that Single Sign On (SSO) is working" to have a check.

    For any further assistance, it would be best to open a support ticket with Microsoft Support to help review your issue and help you test remotely, as you are working with a complicated scenario and this could be due to many reasons.

    Thanks for your understanding.


    1 person found this answer helpful.
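
A local check of the prerequisites discussed in this thread (hybrid join state, SSO token, and the silent-configuration policy), as an added example that is not part of either answer. It assumes the policy is delivered to `HKLM:\SOFTWARE\Policies\Microsoft\OneDrive` as the `SilentAccountConfig` value and that it runs in the affected user's own session; the function names and the sample lines are constructed for illustration.

```powershell
# Added example: prerequisite check for OneDrive silent configuration.
# Run as the signed-in user (not elevated as another account): the PRT
# state reported by dsregcmd is per user session.

function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # dsregcmd /status prints indented "Name : Value" pairs
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-SilentConfigPrereqs {
    param(
        # Defaults to live output; pass captured lines to analyse offline
        [string[]]$DsregLines = (& dsregcmd.exe /status),
        # Assumed policy location for the OneDrive group policy settings
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
    )
    $dsreg  = ConvertFrom-DsregStatus -Lines $DsregLines
    $policy = Get-ItemProperty -Path $PolicyPath -Name 'SilentAccountConfig' `
                               -ErrorAction SilentlyContinue

    $result = [ordered]@{
        DomainJoined        = $dsreg['DomainJoined']  -eq 'YES'   # on-prem AD join
        AzureAdJoined       = $dsreg['AzureAdJoined'] -eq 'YES'   # Entra (hybrid) join
        AzureAdPrt          = $dsreg['AzureAdPrt']    -eq 'YES'   # SSO token for this user
        SilentAccountConfig = ($null -ne $policy) -and ($policy.SilentAccountConfig -eq 1)
    }
    # Any single False explains why the sync app falls back to interactive sign-in
    $result['AllPrereqsMet'] = -not ($result.Values -contains $false)
    [pscustomobject]$result
}

# Constructed sample: hybrid-joined device whose user session has no PRT.
# The policy value is still read from the machine the script runs on.
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                AzureAdPrt : NO'
)
Test-SilentConfigPrereqs -DsregLines $sample
```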

1 additional answer

  1. shockoMS 276 Reputation points
    2024-05-25T08:23:49.4266667+00:00

    I have logged this to MS support for clarification. We have to have MFA so I cannot relax this, but I would have thought that we at least could simplify the user experience by pre-populating the username or, better still, like other applications on Hybrid AzureAD joined machines (MS Edge for business sign-in or MS Teams), simply prompt the user for MFA. I'll post back any results.