Silently configure user accounts

This article is for IT admins who would like to silently configure user accounts when deploying the new OneDrive sync app (OneDrive.exe) to managed Windows computers in their enterprise. This feature works for computers that are joined to Azure Active Directory (Azure AD).


If you enable this feature, OneDrive.exe will attempt to sign in to the work or school account on the device that's joined to Azure AD. Before if begins syncing, it will check the available disk space. If syncing the user's entire OneDrive would cause the available space to drop below 1 GB or if the size exceeds the threshold you set (on devices that don't have Files On-Demand enabled), OneDrive will prompt the user to choose folders to sync. For info about setting this threshold using Group Policy, see Set the maximum size of a user's OneDrive that can download automatically. 

If you enable this setting and the user is syncing files with the previous OneDrive for Business sync app (Groove.exe), the new sync app (OneDrive.exe) will attempt to take over syncing and import the user's sync settings. 


Before you can enable silent account configuration, you need to join your devices to Azure AD. You can join devices running Windows 10 and Windows Server 2016 directly to Azure AD. To learn how, see Join your work device to your organization's network.

If you have an on-premises environment that uses Active Directory, you can enable hybrid Azure AD joined devices to join devices on your domain to Azure AD. Devices must be running one of the following operating systems:

  • Windows 10 

  • Windows 8.1 

  • Windows 7 

  • Windows Server 2019

  • Windows Server 2016 

  • Windows Server 2012 R2 

  • Windows Server 2012 

  • Windows Server 2008 R2

If you federate your on-premises Active Directory with Azure AD, you must use AD FS to enable this feature. For info about using Azure AD Connect, see Getting started with Azure AD Connect using express settings.


For more info, see How to configure hybrid Azure Active Directory joined devices. To check the join status and fix problems, see Troubleshoot hybrid Azure AD-joined devices.

Enable silent configuration

If the computers on your network are joined to Active Directory on-premises, you can use domain group policy to configure silent account configuration.

Using Group Policy:

  1. Enable silent account configuration. For info, see Silently sign in users to the OneDrive sync app with their Windows credentials. If a device is not already joined to Azure AD, enabling this setting will join it.

  2. Optionally, specify the maximum OneDrive size that will download automatically in silent configuration. For info, see Set the maximum size of a user's OneDrive that can download automatically. Note that if you enable Files On-Demand, OneDrive will ignore the maximum size value.

  3. Optionally, set the default location for the OneDrive folder. For info, see Set the default location for the OneDrive folder.


To test single sign-on, run OneDrive setup using the /silent parameter and enter your user name. Setup should not prompt for credentials.


Silent account configuration won't work on devices for users who require multi-factor authentication. Select third-party identity providers (IdPs) are supported, but there are caveats. For more information, make sure to check out the Azure AD federation compatibility list.

If the computers on your network are not connected to Active Directory on-premises, but only to Azure AD, we recommend using Intune and a Microsoft PowerShell script to set the registry keys required to enable silent config. Be sure you have automatic enrollment set up for Windows 10 devices.

Using a script:

$HKLMregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'##Path to HKLM keys

$DiskSizeregistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\DiskSpaceCheckThresholdMB'##Path to max disk size key

$TenantGUID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

IF(!(Test-Path $HKLMregistryPath))

{New-Item -Path $HKLMregistryPath -Force}

IF(!(Test-Path $DiskSizeregistryPath))

{New-Item -Path $DiskSizeregistryPath -Force}

New-ItemProperty -Path $HKLMregistryPath -Name 'SilentAccountConfig' -Value '1' -PropertyType DWORD -Force | Out-Null ##Enable silent account configuration

New-ItemProperty -Path $DiskSizeregistryPath -Name $TenantGUID -Value '102400' -PropertyType DWORD -Force | Out-Null ##Set max OneDrive threshold before prompting