Deploy and configure the new OneDrive sync app for Mac

There are two basic ways that you, as an admin, can deploy the OneDrive sync app to Mac users in your organization:

  • Have users install and set up the OneDrive sync app themselves by following the instructions in Sync files with OneDrive on Mac OS X. To install the OneDrive sync app for Mac, a user has to be administrator on the Mac or know an administrator account name and password.

  • Download the installer package file to your local network, and then use your software distribution tools to deploy the app to your users. By using a software distribution tool, you have more control over the deployment, including which users get the sync app and when. The OneDrive sync app for Mac uses the Apple Installer technology for installation. This means you can use the software distribution tools that you normally use to deploy software to Mac users. You can use Microsoft Intune. Other common tools are Jamf Pro, Munki, and AutoPkg. You can also use Apple Remote Desktop and AppleScript.

Manage OneDrive settings on macOS using property list (Plist) files

After the OneDrive sync app for Mac is installed, users can configure settings for the app. These settings are called preferences. As an admin, you might want to provide users in your organization with a standard set of preferences. Preferences for the OneDrive sync app for Mac are stored in preference files. These files are often referred to as .plist files.

Standalone Mac App Store
PList Location
~/Library/Preferences/com.microsoft.OneDrive.plist
~/Library/Containers/com.microsoft.OneDrive-mac/Data/Library/Preferences/com.microsoft.OneDrive-mac.plist
Domain
com.microsoft.OneDrive
com.microsoft.OneDrive-mac

Configure sync app settings

Configure the settings on macOS in the typical way:

  1. Quit the OneDrive application.

  2. Define the settings you want to change by creating a Plist with the values, or use a script to set the default values.

  3. Deploy the settings onto the local computer.

  4. Refresh the preferences cache.

    On the next start of OneDrive, the new settings will be picked up.

Overview of settings

Use the following keys to preconfigure or change settings for your users. The keys are the same whether you run the standalone or Mac App Store edition of the sync app, but the property list file name and domain name will be different. When you apply the settings, make sure to target the appropriate domain depending on the edition of the sync app.

Setting Description Parameters Example Plist Entry
Disable personal accounts
Blocks users from signing in and syncing files in personal OneDrive accounts. If this key is set after a user has set up sync with a personal account, the user will be signed out.
DisablePersonalSync (Bool): When set to true, this parameter prevents users from adding or syncing personal accounts.
<key>DisablePersonalSync</key>
<(Bool)/>
Default folder location
Specifies the default location of the OneDrive folder for each organization
TenantID (String): TenantID determines which accounts the default folder location setting should apply to. Find your Microsoft 365 tenant ID
DefaultFolderPath (String): DefaultFolder specifies the default folder location.
Mac App Store:
The path must already exist when users set up the sync app.
Standalone:
The path will be created on users' computers if it doesn't already exist. Only with the Standalone sync app can you prevent users from changing the location.
<key>DefaultFolder</key>
<array>
    <dict>
        <key>Path</key>
        <string>(DefaultFolderPath)</string>
        <key>TenantId</key>
        <string>(TenantID)</string>
    </dict>
</array>
Automatic upload bandwidth percentage
Enables the sync app to automatically set the amount of bandwidth used based on available bandwidth for uploading files
AutomaticUploadBandwidthPercentage (int): This parameter determines the percentage of local upload bandwidth that the sync app can use. Accepted values are from 1 through 99.
<key>AutomaticUploadBandwidthPercentage</key>
<int>(Bandwidth)</int>
Set maximum upload throughput
Sets the maximum upload throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync app
UploadBandwidthLimited (int): This parameter determines the upload throughput in KB/sec that the sync app can use. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec.
<key>UploadBandwidthLimited</key>
<int>(Upload Throughput Rate in KB/sec)</int>
Set maximum download throughput
Sets the maximum download throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync app
DownloadBandwidthLimited (int): This parameter determines the download throughput in KB/sec that the sync app can use. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec.
<key>DownloadBandwidthLimited</key>
<int>(Download Throughput Rate in KB/sec)</int>
Dock icon
Specifies whether a dock icon for OneDrive is shown
HideDockIcon (Bool): When set to true, this parameter hides the OneDrive dock icon even when the application is running.
<key>HideDockIcon</key>
<(Bool)/>
Open at login
Specifies whether OneDrive starts automatically when the user logs in
OpenAtLogin (Bool): When set to true, OneDrive will start automatically when the user logs in on the Mac.
<key>OpenAtLogin</key>
<(Bool)/>
Enable Files On-Demand
Specifies whether Files On-Demand is enabled. If you don't set this setting, Files On-Demand will be enabled automatically as we roll out the feature, and users can turn the setting on or off
FilesOnDemandEnabled (Bool): When set to true, new users who set up the sync app will download online-only files by default. When set to false, Files On-Demand will be disabled and users won't be able to turn it on.
<key>FilesOnDemandEnabled</key>
<(Bool)/>
Disable download toasts
Prevents toasts from appearing when applications cause file contents to be downloaded
DisableHydrationToast (Bool): When set to true, toasts will not appear when applications trigger the download of file contents.
<key>DisableHydrationToast</key>
<(Bool)/>
Block apps from downloading online-only files
Prevents applications from automatically downloading online-only files. You can use this setting to lock down applications that don't work correctly with your deployment of Files On-Demand.
HydrationDisallowedApps (String): Json in the following format
[{"ApplicationId":"appId","MaxBundleVersion":"1.1","MaxBuildVersion":"1.0"}]
"AppID" can be either the BSD process name or the bundle display name. MaxBuildVersion denotes the maximum build version of the application that will be blocked. MaxBundleVersion denotes the maximum bundle version of the application that will be blocked
<key>HydrationDisallowedApps </key>
<string> [{"ApplicationId":"appId","MaxBundleVersion":"1.1","MaxBuildVersion":"1.0"}, {"ApplicationId":"appId2","MaxBundleVersion":"3.2","MaxBuildVersion":"2.0"}]</string>
<(Bool)/>
SharePoint Server Front Door URL
Specifies the SharePoint Server 2019 on-premises URL that the OneDrive sync app should try to authenticate and sync against
SharePointOnPremFrontDoorUrl (string): The URL of the on-premises SharePoint Server.
<key>SharePointOnPremFrontDoorUrl</key>
<string>https://Contoso.SharePoint.com</string>
SharePoint Server Tenant Name
Specifies the name of the folder created for syncing the SharePoint Server 2019 files specified in the Front Door URL.
SharePointOnPremTenantName (string): The name that will be used when creating a folder to sync the on-premises SharePoint Server files. If specified, the folder names will take the form of:
OneDrive – TenantName
TenantName
If not specified, the folder names will use the first segment of the FrontDoorURL as the Tenant Name.
Example - https://Contoso.SharePoint.com will use Contoso as the Tenant Name
<key>SharePointOnPremTenantName</key>
<string>Contoso</string>
SharePoint OnPrem Prioritization
For hybrid scenarios where the email is the same for both SharePoint Server on-premises and SharePoint in Microsoft 365, determines whether or not the client should set up sync for SharePoint Server or SharePoint in Microsoft 365 first during the first-run scenario.
SharePointOnPremPrioritizationPolicy (int): This parameter determines which service to attempt to authenticate against for setting up sync.
1 indicates OneDrive should set up SharePoint Server on-premises first, followed by SharePoint in Microsoft 365.
<key>SharePointOnPremPrioritizationPolicy</key>
<int>(0 or 1)</int>
Allow syncing OneDrive accounts for only specific organizations This setting lets you prevent users from easily uploading files to other organizations by specifying a list of allowed tenant IDs. If you enable this setting, users get an error if they attempt to add an account from an organization that is not allowed. If a user has already added the account, the files stop syncing. This setting takes priority over Block syncing OneDrive accounts for specific organizations. Do not enable both settings at the same time. TenantID (String): TenantID determines which tenants the allow tenants list setting should apply to. Set the bool to True to allow the tenant to sync. Find your Microsoft 365 tenant ID <key>AllowTenantList</key>
<array>
    <dict>
        <key>TenantId1</key>
        <Bool>True</Bool>
        <key>TenantId2</key>
        <Bool>True</Bool>
    </dict>
</array>
Block External Sync Prevents the sync app from syncing libraries and folders shared from other organizations. BlockExternalSync (Bool): Set to true to prevent syncing OneDrive and SharePoint libraries and folders from organizations other than the user's own organization. Set to false or do not include the setting to allow.
Learn about OneDrive B2B Sync.
<key>BlockExternalSync</key>
<(Bool)/>
Disable the tutorial that appears at the end of OneDrive Setup This setting lets you prevent the tutorial from showing at the end of OneDrive Setup. DisableTutorial (Bool): When set to true, users will not see the tutorial after they complete OneDrive Setup. <key>DisableTutorial</key>
<(Bool)/>
Block syncing OneDrive accounts for specific organizations This setting lets you prevent users from uploading files to another organization by specifying a list of blocked tenant IDs. If you enable this setting, users get an error if they attempt to add an account from an organization that is blocked. If a user has already added the account, the files stop syncing. This setting does NOT work if you have Allow syncing OneDrive accounts for only specific organizations enabled. Do not enable both settings at the same time. TenantID (String): TenantID determines which tenants the block tenants list setting should apply to. Set the bool to True to disable the tenant from syncing. Find your Microsoft 365 tenant ID <key>BlockTenantList</key>
<array>
    <dict>
        <key>TenantId1</key>
        <Bool>True</Bool>
        <key>TenantId2</key>
        <Bool>True</Bool>
    </dict>
</array>

You can also configure the OneDrive Standalone sync app to receive delayed updates.

PList Location
~/Library/Preferences/com.microsoft.OneDriveUpdater.plist
Domain
com.microsoft.OneDriveUpdater
Setting Description Parameters Example Plist Entry
Tier
Defines the update ring for the computer
UpdateRing (String): This parameter has two different values.
Production - The default update ring for OneDrive updates.
Insiders - This update ring receives updates that are "pre-production" and will allow you to play with features before they are released. Note that builds from this ring may be less stable.
Enterprise - This update ring (now called "Deferred") receives updates after they have rolled out through the Production ring. It also lets you control the deployment of updates. For more info about the update rings and how the sync app checks for updates, see The OneDrive sync app update process.
<key>Tier</key>
<string>(UpdateRing)</string>