OneDrive: Fix Automatic Sign-In After Autopilot with Intune

Introduction

During a Windows Autopilot deployment, one of the common frustrations is the need for users to manually sign in to OneDrive after their first logon on the workstation. Despite a smooth OOBE (Out-of-Box Experience) and functional SSO authentication for Office applications, OneDrive remains disconnected until manual intervention.

This incomplete configuration compromises the "zero-touch" deployment objective and delays access to synchronized files and known folder redirection features. This guide presents the method to configure automatic OneDrive sign-in via Microsoft Intune.

Technical Context

By default, OneDrive does not authenticate automatically even when the user is logged in to Windows with their Azure AD credentials. A specific configuration is required to enable this functionality.

In a standard Autopilot environment coupled with Intune, the typical behavior is as follows:

Device Enrollment: successful and automatic
User Authentication: performed with Azure AD credentials
Office Applications: automatic sign-in through SSO
OneDrive: waiting for manual sign-in

This gap requires user intervention to:

Manually open the OneDrive application
Re-enter login credentials
Configure folder synchronization

Features Enabled by the Configuration

Implementing this policy automatically enables:

Silent Sign-In with Windows credentials
Automatic Startup of OneDrive client
Known Folder Move (Desktop, Documents, Pictures redirection)
Silent Configuration of the synchronization client

Resolving this issue involves creating a specific configuration profile in Intune using the settings catalog.

Creating the Configuration Profile

Access the Microsoft Intune Administration Center and navigate to:

Devices > Configuration Profiles > Create Profile

Select the following settings:

Platform: Windows 10 and later
Profile Type: Settings Catalog

Configuring the OneDrive Setting

In the settings selector, search for and add:

Setting Name: "Silently sign in users to the OneDrive sync app with their Windows credentials"
Value: Enabled

Adding the Specific Setting

In the "Configuration Settings" tab:

Click + Add Settings to open the selector
Enter "Silently sign in users" in the search bar
Click the Search button
Select the OneDrive category to filter results
Check the "Silently sign in users to the OneDrive sync app with their Windows credentials" setting
Enable the setting by moving the toggle to Enabled
Click Next

Profile Assignment

In the assignment window:

Add All Users or a specific user group
Click Next

Finalizing the Configuration

Click Create to finalize the configuration profile.

Key Setting

The "Silently sign in users to the OneDrive sync app with their Windows credentials" setting is essential: it tells OneDrive to use the Azure AD credentials from the Windows session to automatically authenticate.

Workflow After Configuration

Once the profile is applied, the process becomes fully automated:

User Sign-In on the Autopilot device
Automatic Launch of OneDrive in the background
Silent Authentication without user intervention
Automatic Synchronization of Desktop, Documents, and Pictures folders
Immediate Productivity without manual configuration

Result

Users benefit from immediate access to their OneDrive files on first logon, thus meeting Autopilot's zero-touch deployment objective.

PowerShell Script for Verification

To validate the OneDrive configuration on a workstation:

⚡PowerShell

1# Check OneDrive status
2Get-Process -Name "OneDrive" -ErrorAction SilentlyContinue
3 
4# Check automatic sign-in policy
5$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"
6$propertyName = "SilentAccountConfig"
7 
8if (Test-Path $registryPath) {
9    $value = Get-ItemProperty -Path $registryPath -Name $propertyName -ErrorAction SilentlyContinue
10    if ($value) {
11        Write-Host "OneDrive Automatic Sign-In: Configured" -ForegroundColor Green
12    } else {
13        Write-Host "OneDrive Automatic Sign-In: Not Configured" -ForegroundColor Red
14    }
15} else {
16    Write-Host "OneDrive Policies: Not Found" -ForegroundColor Yellow
17}

Technical Terms Glossary

Autopilot: Microsoft service enabling automatic provisioning and configuration of Windows devices.

Known Folder Move (KFM): OneDrive feature that automatically redirects Desktop, Documents, and Pictures folders to the cloud.

OOBE (Out-of-Box Experience): First-time setup process of a Windows device.

Settings Catalog: Intune interface enabling granular parameter configuration through a unified catalog.

SSO (Single Sign-On): Single authentication mechanism allowing access to multiple services with one set of credentials.

Useful Links and Documentation