How IT Can Enforce OneDrive Backup with Intune
Every organisation today depends on digital files e.g documents, spreadsheets, presentations, videos. Losing them due to laptop theft, damage, or ransomware can paralyse a team. Microsoft 365 gives every user 1TB of OneDrive for Business storage. When set up correctly, OneDrive acts as a built-in disaster recovery tool:
- Files auto-sync from Desktop, Documents, and Pictures.
- Laptop lost or broken? Sign in on another device and continue where you left off.
- Version history restores older file versions.
- Central compliance with retention policies for audits and regulations.
That’s why every IT department should enforce OneDrive backup for all staff.
How IT Can Enforce OneDrive Backup with Intune
Follow these steps in Microsoft Endpoint Manager (Intune) to push backup policies to all company devices.
Step 1: Go to Configuration
From the Intune dashboard: https://intune.microsoft.com/
- Navigate to Devices → Windows → Configuration.
- Click + Create → New Policy.
Step 2: Create a Profile
Platform: Windows 10 and later.
Profile type: Settings catalog.
Click Create.
Name: OneDrive Settings for Windows.
Description: OneDrive backup and compliance for PCs.
Platform auto-set to Windows.
Click Next.
Step 3: Configure OneDrive Settings
Search for OneDrive in the settings catalog and enable these recommended policies:
- Silently sign in users to the OneDrive sync client with Windows credentials.
- Silently move Windows known folders to OneDrive.
(Desktop, Documents, Pictures auto-redirect to OneDrive.) - Prevent users from redirecting known folders back to PC.
- Prompt users when silent move fails.
- Block syncing of personal OneDrive accounts.
- Use Files On-Demand (saves disk space by storing files in the cloud until opened).
- Always start OneDrive automatically.
- Limit upload/download bandwidth (optional for network control).
- Exclude specific file types (e.g., *.pst).
- Auto-mount SharePoint libraries for Teams/Departments.
- Enable sync health reporting for admin monitoring.
- Continue syncing on battery saver or metered network.
- Disable setup tutorials and animations for faster rollout.
- Restrict syncing to allowed tenant IDs only.
- Define default OneDrive folder location.
- Configure storage sense to clean unused OneDrive content.
Step 4: Assign the Policy
Click Next, then Create.
Choose the user group or all users.
Apply scope tags if needed.
Once deployed:
- Every employee’s Desktop, Documents, and Pictures will back up to OneDrive automatically.
- Files will follow the user, not the device.
- IT has full compliance visibility through Intune and the OneDrive Admin Center.
Disaster Recovery in Action
If a staff laptop is stolen or damaged:
- Hand them a new Windows device.
- Ask them to sign in with their Microsoft 365 account.
- OneDrive restores all their files, including the most recent version of the last document they worked on.
No downtime. No data loss.
Boss, thanks for always giving update. this is another way.. been cracking my head around this in a wrong way. cheers.
can i pick your brain. Howdoes this align wit ISO 27001 Annex A controls on backup, data protection, and incident management 🙂 ?
Great point. Setting up OneDrive backup with Intune links well with ISO 27001 controls: backups (A.12.3), data protection (A.8.12), incident response (A.16.1), and continuity (A.17.1). In short, it makes recovery automatic, keeps data under M365 policies, and cuts downtime if a laptop is lost or hit by ransomware. Hope that helps.