Are you still using folder redirection and do you still rely on it, to provide a decent logon performance? Then this article is probably for you.

This article has been in my head for a quite some time. A while ago I was on an assignment at a customer I hadn’t done any previous work for. The customer was using Citrix Profile Management with a couple of folder redirections, including folder redirection of AppData.

It’s still not uncommon for me to come across setups with Citrix Profile Management and folder redirection of the documents and desktop folders, occasionally I also see the start menu and favorites folders being redirected. However I haven’t seen redirection of the AppData folder for the better part of 10 years now, and there seems to be a general consensus in the EUC world, that redirection of the AppData folder is a no-go as it can lead to a variety of different application related issues. If you are still redirecting AppData, please stop, there are alternatives to both Citrix Profile Management AND folder redirection available.

With FSLogix Profile Container now being the de facto solution for profile management, there really is no need to do any kind of folder redirection anymore. With that said, I do recognize that redirecting the documents folder and maybe the desktop folder as well, may in some circumstances still be relevant, mainly in scenarios where we need to be able to backup files/folders in the Documents and/or Desktop folders.

Today we have the technology to lay the last remnants of folder redirection to rest. With the new Microsoft Edge browser and Microsoft OneDrive, we are able to provide a modern way of redirecting the documents, desktop and favorites folders.

I have written a couple of articles about the new Microsoft Edge browser, which you can find here and here. These articles lay the ground work for the Microsoft Edge deployment and configuration and really should be the baseline for any Microsoft Edge deployment.

Hybrid Azure AD Join

To provide the best solution, when signing in to Edge and OneDrive I recommend configuring hybrid Azure AD join. This configuration provides seamless sign-in to both Edge and OneDrive. Microsoft has a decent article about how to configure hybrid Azure AD join.

Microsoft Edge Enterprise Sync

The Enterprise Sync feature in Microsoft Edge enables synchronization of favorites, passwords, extensions etc. to the Azure cloud, which enables you to roam most of the Edge configuration between different devices. The Enterprise Sync feature requires an Azure AD Premium subscription.

Manual configuration

The manual configuration approach is fairly easy. Log on with your Azure AD credentials (usually your email address) by clicking the “Not syncing” button in the top right corner:

You will have to go through a small wizard

Move the little slider to “Yes” and click Confirm.

Once logged on, you should see the “Sync is on” message:

And the final verification that sync is configured:

As you can see it’s not yet possible to synchronize the history and open tabs browser data.

Automatic configuration

Even though the manual configuration of the sync feature is fairly simple, we don’t want each and everyone of our users to go through this process. The sync feature can be enabled and enforced via group policy. The enforcement prevents the user from inadvertently disabling the sync feature.

Group Policy settings

These group policy settings enables and enforces the sync feature:

The “Browser sign-in settings” enforces the sign-in process, suppressing the sync wizard.

The “Configure whether a user always has a default profile automatically signed in with their work or school account” enables auto sign-in, with a Work profile, using the Azure AD account.

The “Force synchronization of browser data and do not show the sync consent prompt” partly does what it says. It enables and enforces the sync feature and the user will not be able to disable it. However the “do not show the sync consent prompt” is not working in Edge v85.x, as you will see in the screen recording below. This means that the user will have to click the “Sync” button, to enable the sync feature.

With the upcoming v86.x version, which is currently released in the BETA channel and, according to Microsoft, due to hit the stable channel within the coming week, it’s possible to suppress the consent box . This will enable and enforce the sync feature without bothering the user at all.

Microsoft OneDrive Known Folder Move

The Known Folder Move (KFM) feature in OneDrive has been around for a while and I am seeing more and more customers implementing it in production.
KFM redirects, the documents, desktop and pictures folders to your OneDrive for Business account, which makes it easy to access your data when moving between different devices. OneDrive is available in a wide range of different subscriptions, however I usually see it delivered with via a subscription that can be activated in a shared computer setup, like the Microsoft 365 E3 or E5 subscriptions.

Manual Configuration

Like the Enterprise Sync in Edge, we can also configure KFM manually. This configuration is also driven by a wizard so it’s easy to set up.

Click sign in and provide valid OneDrive credentials.

A few clicks later, the wizard has setup the OneDrive client. Right click the little blue cloud in the tray area and click Settings.

Go to the Backup tab (no this isn’t very intuitive) and click managed backup.

Once you click Start Backup, the Desktop, Documents and Pictures folders will be redirected to OneDrive.

As with the Enterprise Sync feature, we really don’t want to leave the configuration of KFM to the user.

A word of advice. If you have folder redirection already configured, you will have to disable it. The traditional folder redirection policies and OneDrive KFM cannot coexist.

Automatic Configuration

The OneDrive configuration and the KFM feature can both be configured and enforced via Group Policy configuration. The most important part of the group policy configuration is the OneDrive (Azure AD) tenant ID, this has to be specified in the OneDrive configuation GPO.

There are a few different ways to obtain the tenant ID. One way is to configure OneDrive, manually, on a computer and get the ID from the registry in HKEY_CURRENT_USER.

The value “ConfiguredTenantId” contains the OneDrive (Azure AD) tenant ID.

If you have access to the Azure portal and Azure AD, this is probably the easiest way to obtain the tenant ID, at least it beats manually configuring the OneDrive client.

With the tenant ID you are now ready to configure the OneDrive and KFM configuration GPO.

I usually configure one GPO with both the computer configuration policies and user configuration policies, it’s basically up to you how to configure that part, however both configuration types are needed to provide a seamless configuration of OneDrive and the KFM feature.

To manage OneDrive via group policy, you’ll have to get the ADMX and ADML files. The ADMX and ADML files are located in the %LOCALAPPDATA%\Microsoft\OneDrive\CurrentBuildNumber\adm folder on any computer with OneDrive installed.
More information about OneDrive group policy configuration can be found in this guide by Microsoft.

Computer Configuration

This configuration will setup both the OneDrive client and the KFM feature. It will also activate the Files On-Demand feature which let’s the user decide which files/folder should be synced to the local OneDrive cache and it also prevents the OneDrive client from doing a complete sync of the online OneDrive content.

When using group policy, the configuration of the OneDrive client with the specified tenant ID will be enforced. That will prevent the user from removing the OneDrive client configuration.

User Configuration

In here the OneDrive tutorial is suppressed and more importantly, the OneDrive folder location is enforced and the user is prevented from changing that location. The %USERPROFILE%\OneDrive – tenantname is the default location for the OneDrive folder, I usually recommend not changing this location, however it is possible to have the OneDrive folder at another location, do NOT put in on a network drive!

Here is a screen recording showing the automatic configuration of the OneDrive client and Known Folder Move feature.

OneDrive pro tip

This is a strange one. When I started with the OneDrive testing and configuration, I was using the manual configuration approach, to get the feel of how to configure OneDrive. When I had the basic OneDrive configuration mastered, I looked into the KFM feature and this is where it gets strange. I noticed the “Backup” tab was missing, and at first I thought I had configured something to remove the tab, however I experienced the same behavior with no group policy configuration applied.

It turns out if the URL g.live.com is blocked on the network, the KFM feature is not available. In my setup, the URL was blocked by my Pi-Hole, as soon as I configured the URL to be in the whitelisted URLs the KFM feature magically appeared.

So, armed with Microsoft Edge Enterprise Sync and Microsoft OneDrive Known Folder Move, you can leave the last remnants of folder redirection in the past and move forward with more modern ways of syncing user data, files and folders.

This concludes the article. As always feel free to contact me on Twitter or on LinkedIn if you have any comments or questions.