In modern IT environments, device loss is no longer the biggest risk — data loss is. Laptops get replaced, reimaged, or stolen every day. What really hurts the business is when a user’s Desktop or Documents folder disappears with it.
Microsoft’s OneDrive Known Folder Move (KFM) feature, when properly deployed via Microsoft Intune, is one of the most effective and low-effort ways to protect user data on Windows 10 devices. I’ve rolled this out across multiple environments — from small businesses to enterprise tenants — and when done correctly, it quietly eliminates a huge number of support tickets.
This article explains how to redirect known folders to OneDrive using Intune, why it’s worth doing, and what to watch out for based on real-world deployments — not just Microsoft documentation.
What Is OneDrive Known Folder Move (KFM)?
Known Folder Move automatically redirects these Windows folders to OneDrive:
- Desktop
- Documents
- Pictures
From the user’s perspective, nothing changes. They still save files to “Documents” or “Desktop”, but those files are now:
- Automatically backed up to Microsoft 365
- Synced across devices
- Protected by retention, conditional access, and MFA
From an IT perspective, it’s one of the simplest wins available in Intune.
Why Deploy Known Folder Redirection with Intune?
1. Automatic Cloud Backup Without User Training
Users don’t think about backups. They save files wherever Windows lets them. KFM ensures those files are protected without relying on user behaviour.
In practice, this dramatically reduces:
- Data loss incidents
- Emergency restore requests
- Panic calls after laptop replacements
2. Faster Device Replacement and Rebuilds
When a device is lost or reimaged:
- User signs in
- OneDrive syncs
- Desktop and Documents reappear
I’ve seen new laptops fully usable in under 30 minutes purely because KFM was already in place.
3. Centralised Policy Enforcement
Deploying via Intune ensures:
- Consistent configuration across all devices
- No reliance on manual setup
- Easy auditing and compliance reporting
This is especially important in zero trust and hybrid work environments.
4. Improved Security and Compliance
Once data lives in OneDrive:
- You gain DLP visibility
- You can apply retention policies
- You can restrict access with Conditional Access
From a security standpoint, it’s vastly better than unmanaged local storage.
Prerequisites (Don’t Skip These)
Before deploying Known Folder Move with Intune, make sure:
- Devices are enrolled in Microsoft Intune
- Users are licensed for OneDrive for Business
- The OneDrive sync client is installed and up to date
- Users sign in with Azure AD / Entra ID accounts
- You know your Tenant ID
Skipping any of these is the most common reason KFM deployments fail.
Step-by-Step: Configuring OneDrive Known Folder Move via Intune
Step 1: Create a Configuration Profile in Intune
- Sign in to the Microsoft Intune Admin Center
- Go to Devices → Configuration profiles
- Click Create profile
Choose:
- Platform: Windows 10 and later
- Profile type: Settings catalog
Name it something clear, for example:
“OneDrive – Known Folder Move (KFM)”
Clear naming helps when troubleshooting six months later.
Step 2: Add OneDrive Known Folder Settings
In the Settings picker, search for OneDrive and add the following:
Required Settings
- Silently move Windows known folders to OneDrive
→ Enabled - Tenant ID
→ Enter your Azure AD / Entra ID Tenant ID - Use OneDrive Files On-Demand
→ Enabled
These three are the core of a silent, user-friendly deployment.
Optional but Recommended Settings
- Prevent users from redirecting known folders back to the PC
→ Enabled (prevents users undoing your work) - Prompt users to move Windows known folders to OneDrive
→ Disabled (unless you want user interaction)
In most corporate environments, silent enforcement works best.
Step 3: Assign the Policy
Assign the profile to:
- User groups (recommended)
- Or device groups if required by your design
User-based assignment aligns better with OneDrive’s identity-based sync model.
What Users Experience (And Why That Matters)
If configured correctly:
- Users are not prompted
- No pop-ups appear
- Files start syncing automatically
- Desktop, Documents, and Pictures remain usable as normal
In my experience, the best KFM deployments are the ones users don’t notice at all.
Monitoring and Verifying Deployment
Intune Monitoring
Check:
- Devices → Monitor → Configuration profile status
- Look for successful application across assigned users
Client-Side Verification
On a Windows 10 device:
- OneDrive icon should show sync activity
- Desktop and Documents paths should point to OneDrive
You can also check:
- Event Viewer → Applications and Services Logs → Microsoft → Windows → OneDrive
This is invaluable when troubleshooting failed moves.
Common Issues and How to Fix Them
OneDrive Isn’t Signed In
KFM won’t trigger until the user signs into OneDrive with their work account.
Existing Group Policy Conflicts
Legacy GPOs can override Intune settings. Remove or reconcile them.
Files Too Large or Locked
Open files or unsupported file types can block folder moves. Check logs for specifics.
Poor Network Connectivity
Initial sync can take time. Files On-Demand helps reduce impact.
Real-World Lessons from Deployments
- Roll out in stages — pilot first
- Communicate early — users notice when their Desktop syncs
- Enable Files On-Demand — reduces storage complaints
- Don’t over-customise initially — keep it simple, then refine
KFM works best when treated as baseline configuration, not a special project.
Is This Still Relevant in Windows 11?
Absolutely. The same approach applies to Windows 11, and if anything, it’s more important as Microsoft continues pushing cloud-first workflows.
One of the Highest ROI Policies in Intune
Redirecting known folders to OneDrive via Intune is one of those rare IT changes that:
- Improves security
- Reduces support workload
- Makes users happier
- Simplifies disaster recovery
It’s low risk, high reward — and once it’s in place, you’ll wonder how you ever managed devices without it.
If you’re serious about modern device management, OneDrive Known Folder Move should be standard, not optional.
From my early days on the helpdesk through roles as a service desk manager, systems administrator, and network engineer, I’ve spent more than 25 years in the IT world. As I transition into cyber security, my goal is to make tech a little less confusing by sharing what I’ve learned and helping others wherever I can.