Learn how to exclude files and extensions from syncing to OneDrive via both GPOs and Microsoft Endpoint Manager


If I had asked you two years ago whether you use OneDrive on your virtual desktop or cloud endpoint environment, you would most likely have answered no. This was mainly due to the lack of alignment of the OneDrive product with virtualization scenarios. Luckily, this changed, and the world looks way better now…

One of the key releases customers have been waiting for is the possibility to exclude files, folders, and extensions from syncing. I will explain this in more depth in this article, along with some more tips and tricks around the use of OneDrive in a virtualized environment.

In this article, you will learn how to exclude files and extensions from syncing to OneDrive and other settings that are useful for your physical and virtual desktop environment.

Update 5.5.2021 – The setting is now also available in Microsoft Endpoint Manager!

OneDrive Insiders previews – get new features earlier

You can test upcoming features of OneDrive without joining the Windows Insider program. To use new features, you must check the following setting in your OneDrive client.

When you set the setting, the next time OneDrive checks for updates, the latest insider preview will be loaded over the existing one. You could force the update process by rebooting your machine.

Exclude files and extensions from syncing to OneDrive – via Microsoft Endpoint Manager

The setting can now also be configured in Microsoft Endpoint Manager under Devices > Configuration Profiles.

Select Windows 10 and later, Templates followed by Administrative Templates.

Click on Exclude specific kinds of files from being uploaded

Add your files and extensions

Exclude files and extensions from syncing to OneDrive – via Group Policies

Before we start, we must load the new OneDrive ADMX template files into your Active Directory or the Local GPO store within your image.

You can find the templates here.

%localappdata%\Microsoft\OneDrive\BuildNumber\adm\

Note: Are you using the per-machine installation? Make sure to search in the Program Files directory instead.

Load the OneDrive.adml and OneDrive.admx file (or the complete directory for multi-language GPO support) into the PolicyDefinitions folder.

Note: Make sure to put the .adml (language) file into the en-us folder – not in the root.

Open the Group Policy console or the Local Group Policy editor.

Note: The policies to exclude files from OneDrive are not available yet via Microsoft Endpoint Manager.

Open the new setting – Exclude specific kinds of files from being uploaded

Click on Enabled

Click on Show

Exclude the file extensions

This setting lets you enter keywords to prevent OneDrive from uploading certain files to OneDrive. You can enter complete names, such as “setup.exe” or use the asterisk (*) as a wildcard character to represent a series of characters.

Enter the file extensions you want to exclude.

Note: Excluding *.lnk and *.url keeps shortcuts from being synced by OneDrive. This could be a good way to keep shortcuts out of the Desktop folder when using it on different environments.

After you save the settings, OneDrive excludes from syncing all new files in your local repository that match the keywords. The message “Files with this icon won’t sync” pops up in the client.

Note: Excluding files and extensions only applies to new files, created after you configure the “Exclude specific files..” policy setting.

Files that are not synced will have the following icon instead of the blue or green OneDrive/Cloud icon that you normally would have.
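To preview what a keyword list would catch before deploying the policy, the following added example (not from the original article or from Microsoft) lists the files in a folder whose names match the keywords. It assumes the asterisk is the only wildcard and that keywords are matched against the file name, case-insensitively; the function name, its parameters and the scratch folder are hypothetical.

```powershell
# Added example: preview which files a OneDrive exclusion keyword list would match.
# Assumptions: '*' is the only wildcard; matching is on the file name, not the path,
# and ignores case. Get-OneDriveExclusionPreview is a hypothetical helper name.
function Get-OneDriveExclusionPreview {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$Keyword
    )
    # Turn each keyword into an anchored regex so characters such as '.', '[' or '?'
    # stay literal and only '*' means "any series of characters".
    $rules = foreach ($k in $Keyword) {
        [pscustomobject]@{
            Keyword = $k
            Regex   = '^' + [regex]::Escape($k).Replace('\*', '.*') + '$'
        }
    }
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # First keyword that matches wins; -match is case-insensitive by default.
            $hit = $rules | Where-Object { $file.Name -match $_.Regex } | Select-Object -First 1
            if ($hit) {
                [pscustomobject]@{
                    MatchedBy     = $hit.Keyword
                    File          = $file.FullName
                    LastWriteTime = $file.LastWriteTime
                }
            }
        }
}

# Constructed sample: a scratch folder standing in for a synced Desktop folder.
$demo = Join-Path $env:TEMP 'od-exclude-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'Teams.lnk', 'intranet.url', 'setup.exe', 'setup.exe.bak', 'report.docx' |
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $demo $_) -Force | Out-Null }

# Keywords taken from the article: shortcuts plus one complete file name.
Get-OneDriveExclusionPreview -Path $demo -Keyword '*.lnk', '*.url', 'setup.exe' |
    Format-Table MatchedBy, File -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Because the policy only applies to new files, matches with an old LastWriteTime in a real synced folder are files that were probably uploaded before the policy was set.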

OneDrive backup folders (Known-Folder move)

Not so long ago, the OneDrive Engineering team added Known Folder Move (which is now called OneDrive folders for backup) functionality support to OneDrive, which is very useful to create the same end-user experience for our users on Azure Virtual Desktop as they would have on a Modern Desktop with all profile folders, such as My Documents, Pictures, Favourites, Desktop, etc. redirected to OneDrive.

Also, with the use of OneDrive Files On-Demand, you’ll be able to save storage space from your profile folders due to the possibility to work with tiering for your hot and cold data.

When you use OneDrive backup folders (aka Known Folder Move) on different devices or AVD environments in conjunction with the same OneDrive account, you ensure that you always have your Office 365 documents in the same location, everywhere you go! Even on your mobile device, without any notice 😊

Activating Known Folder Move is relatively easy. You can use the manual approach by opening the OneDrive client from the Start menu and clicking on Manage backup.

Configure settings via Microsoft Endpoint Manager

The easier and more automated approach is via Microsoft Endpoint Manager, as a device-based Administrative Templates policy setting.

You can of course also set this via ADMX-based GPOs, using the setting below.

There is also the option to use registry keys; you must create the following key.

[HKLM\SOFTWARE\Policies\Microsoft\OneDrive]
"KFMSilentOptIn"="1111-2222-3333-4444"

(where “1111-2222-3333-4444” is the AzureAD Directory – tenant ID, which you can find in the Azure Portal – under the properties menu of your Azure AD tenant)
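A typo in the tenant ID is easy to miss because the value is a plain string, so the following added example (not from the original article) audits the configured value against the tenant you expect and, optionally, writes it. The function names are hypothetical and the tenant ID shown is a constructed placeholder.

```powershell
# Added example: audit and set the KFMSilentOptIn policy value from the article.
# Test-KfmSilentOptIn / Set-KfmSilentOptIn are hypothetical helper names.
$OneDrivePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

function Test-KfmSilentOptIn {
    # Read-only: compares the configured value with the expected tenant ID.
    param([Parameter(Mandatory)][guid]$ExpectedTenantId)
    $current = (Get-ItemProperty -Path $OneDrivePolicyKey -Name 'KFMSilentOptIn' `
                    -ErrorAction SilentlyContinue).KFMSilentOptIn
    $parsed = [guid]::Empty
    $status = if ([string]::IsNullOrWhiteSpace($current)) {
        'NotSet'
    } elseif (-not ([guid]::TryParse($current, [ref]$parsed))) {
        'NotAGuid'
    } elseif ($parsed -ne $ExpectedTenantId) {
        'WrongTenant'
    } else {
        'Match'
    }
    [pscustomobject]@{ Configured = $current; Expected = $ExpectedTenantId; Status = $status }
}

function Set-KfmSilentOptIn {
    # Writes the value as a string; the [guid] parameter type rejects malformed input.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][guid]$TenantId)
    if ($PSCmdlet.ShouldProcess($OneDrivePolicyKey, "Set KFMSilentOptIn to $TenantId")) {
        if (-not (Test-Path -LiteralPath $OneDrivePolicyKey)) {
            New-Item -Path $OneDrivePolicyKey -Force | Out-Null
        }
        New-ItemProperty -Path $OneDrivePolicyKey -Name 'KFMSilentOptIn' `
            -PropertyType String -Value $TenantId.ToString() -Force | Out-Null
    }
    # Read the value back so the caller sees what is actually configured.
    Test-KfmSilentOptIn -ExpectedTenantId $TenantId
}

# Placeholder tenant ID (constructed); replace with your own directory (tenant) ID.
$tenant = '00000000-1111-2222-3333-444444444444'
Test-KfmSilentOptIn -ExpectedTenantId $tenant        # audit only, no elevation needed
Set-KfmSilentOptIn -TenantId $tenant -WhatIf         # dry run; drop -WhatIf in an elevated session
```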

Silent sign-in users to OneDrive

There is a setting to silently sign users in to OneDrive with their Windows credentials; this removes the manual steps a user would otherwise take to configure OneDrive for the first time.

If you enable this setting, users who are signed in on the PC with the primary Windows account (the account used to join the PC to the domain) can set up the sync app without entering the credentials for the account. Users will still be shown OneDrive Setup so they can select folders to sync and change the location of their OneDrive folder.

The setting is available via the GPOs delivered via the client – see above where to find them.

Or directly via Microsoft Endpoint Manager

Place OneDrive back to Program Files via the per-machine installation

By default, the OneDrive sync client installs per user on Windows, meaning OneDrive.exe needs to be installed for each user account on the PC under the %localappdata% folder. With the new per-machine installation option, you can install OneDrive under the “Program Files (x86)” directory, meaning all profiles on the computer will use the same OneDrive.exe binary.

You can download the new per-machine version of OneDrive below:

https://go.microsoft.com/fwlink/?linkid=2083517

Make sure to re-install the application by using the following command.

OneDriveSetup.exe /allusers

Also, when running the per-user installation on a multi-session environment, all the different per-user-profile OneDrive versions on the same session host will update simultaneously, which can get messy in terms of network throughput. This is also solved with the per-machine version.

The per-machine version updates itself through a service/account that is set up during the installation. Therefore, you always need to run the installation as a local administrator with UAC privileges.

OneDrive errors? Please, upgrade to (at least) FSLogix 1909 today!

Are you using OneDrive on your virtual desktop workload with FSLogix? Make sure to upgrade to at least version 1909. See below the fix we applied in this new fall release.

  • HotFix changes which resolved scenarios where OneDrive IDs may not be unique and could cause OneDrive files being lost and require recovery have been moved into standard release.

Read all the release notes here.

Download FSLogix Apps release 2009 (2.9.7621.30127) here

Removing files accidentally from your Desktop?

There is a new error message built into OneDrive to warn you about deleting files locally on your PC while using Known Folder Move. Luckily, the files are automatically backed up into the recycle bin for 30 days. So, no worries at all. See below the new message.