Settings for Intune managed devices

Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI. The ingested ADMX file is then processed into MDM policies.

For more information please visit Understanding ADMX-backed policies and Policy CSP.

Ingesting KONNEKT ADMX file and deploying policies

In order to set the KONNEKT policies you need to ingest the ADMX file in a configuration profile first:

1. Go to your Microsoft Endpoint Manager portal.

2. Click on Devices, then in the sub-menu go to Configuration profiles.

3. Create profile: select Platform Windows 10 and later, profile type Templates, choose Custom in the search field, then Create.

4. Now choose a Name for this profile, then Next.

5. Under Configuration settings:

First you have to ingest the admx file: Add new Row

Click on Add then in the new window:

  • Name: choose a name, e.g. KonnektAdmxIngesting

  • OMA-URI:

./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Konnekt/Policy/KonnektAdmx
  • Data type: String

  • Value: copy the content of this admx file, then Save

Now add all policies you need to assign to clients from the Available Intune Policies.

In the following picture, 4 policies have been added (as an example) after ingesting the ADMX file. You can choose the policies you need to push to your clients from the tables under Available Intune Policies.

6. Assign the policies to groups/users, then click Next, Next and Create.

After a successful sync for the assigned devices/users, restart KONNEKT to apply the new policies.

To check that the URIs have been deployed correctly in your MDM go to Devices -> Windows -> your Device -> Device configuration -> your configuration profile

To check the configured URIs on the machine go to the following path in the Registry:

[HKCU or HKLM]\SOFTWARE\Policies\GlueckKanja\Konnekt

Choose HKCU for user policies or HKLM for machine policies.

Available Intune Policies

The following tables list the URIs and possible values for KONNEKT settings. To deploy them in Intune MDM please check here

URIs are case-sensitive!

Don't forget to choose where the policy should be deployed (Device or User side).

Policy Name: Automatically add all SharePoint libraries
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/AddAllSharepointLibraries
Data Type: String
Value: <enabled/> or <disabled/>
Note: Add all additional SharePoint document libraries (besides the default one)

Policy Name: Co-Authoring
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/CoAuthoring
Data Type: String
Value: <enabled/> or <disabled/>

Policy Name: Assign Drive Letter
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/ConnectDrive
Data Type: String
Value: <enabled/> <data id="DriveSelect" value="F:"/>
Note: value from F: to Z:

Policy Name: Language
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/Language
Data Type: String
Value: <enabled/> <data id="LanguageSelect" value="en-US"/>
Note: value en-US or de-DE

Policy Name: Set License Key
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/License
Data Type: String
Value: <enabled/> <data id="License" value="your key"/>

Policy Name: SharePoint Usage
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/O365SharepointUsage
Data Type: String
Value: <enabled/> or <disabled/>
Note: Add SharePoint sites on O365 accounts

Policy Name: Offline Attribute
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/OfflineAttribute
Data Type: String
Value: <enabled/> or <disabled/>
Note: available only for OneDrive sites

Policy Name: Default SharePoint link scope
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt/SharePointLinkScope
Data Type: String
Value: <enabled/> <data id="SharepointLinkScopeSelect" value="see [1]"/>
Note: [1]

The following policies are applicable to version 2.0 and above:

Policy Name: Cache
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt~KonnektUI/Cache
Data Type: String
Value: <enabled/> <data id="CacheTTL" value="see [2]"/> <data id="CacheSize" value="see [2]"/>
Note: [2]

Policy Name: Hide Tray Icon
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt~KonnektUI/ShowTrayIcon
Data Type: String
Value: <enabled/> or <disabled/>

Policy Name: Account Re-authentication UI
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt~KonnektUI/PopupReauthenticateAccount
Data Type: String
Value: <enabled/> or <disabled/>
Note: [3]

Policy Name: SharePoint Site Query
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt~KonnektUI/SharepointSiteQuery
Data Type: String
Value: <enabled/> <data id="SharepointSiteQuery" value="your query"/>
Note: [4]

Policy Name: Konnekt Explorer UI
URI: ./[Device|User]/Vendor/MSFT/Policy/Config/Konnekt~Policy~Konnekt~KonnektUI/ShellNode
Data Type: String
Value: <enabled/> <data id="see [5]" value="true/false"/>
Note: [5]

[1] Default SharePoint link scope: select the default link scope for links created on SharePoint files. The value can be:

  • 0: Default company setting

  • 1: Anonymous

  • 2: Organisation

  • 3: Disabled

For more information see https://github.com/OneDrive/onedrive-api-docs/blob/live/docs/rest-api/api/driveitem_createlink.md#scope-types

[2] Cache: This policy defines the caching behavior of Konnekt.

Konnekt uses the cache for different purposes:

  • Files that are currently open by the user

  • Files that need to be uploaded (write cache)

  • Files that are closed (read cache)

Maximum value of CacheTTL is 2880 (time in minutes).

Maximum value of CacheSize is 20000 (size in megabytes). If zero (0), the cache size will be calculated from free disk space (default).

The cache operates in different pressure states:

  • Normal pressure: The cache is utilized below critical values. Closed files will be kept in the read cache up to the TTL value.

  • High read pressure: The cache is filled up with too many closed files. The read cache will be deleted.

  • High write pressure: The cache is holding lots of files queued for upload. Further write operations will be throttled in order to empty the upload queue.

  • Critical write pressure: The cache is nearly filled up with files queued for upload. Further write operations will be throttled significantly in order to empty the upload queue.

  • Cache full: The cache is completely occupied. Requests to open further files will be rejected.

Both CacheTTL and CacheSize need to have a value configured if the policy is enabled!

Example:

<enabled/> <data id="CacheTTL" value="1440"/> <data id="CacheSize" value="10000"/>

[3] Account Re-authentication UI

This policy controls whether the login dialog pops up immediately when an account needs to be re-authenticated. If the policy is enabled, the login dialog is shown. If the policy is disabled, only an error is indicated in the tray and Explorer.

[4] SharePoint Site Query

This policy controls the query string used to find SharePoint sites.

The site query needs to be expressed in KQL. General KQL documentation can be found here: https://docs.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference

A list of query properties for SharePoint can be found here: https://docs.microsoft.com/en-us/sharepoint/technical-reference/crawled-and-managed-properties-overview

[5] Konnekt Explorer UI

This policy defines which components of the Konnekt Explorer node are shown and which are hidden.

Konnekt has 4 components shown in the Explorer window: Uploads, History, Offline Files and Accounts.

With the following policy values you can control them:

<data id="ShellUploads" value="[true | false]"/> <data id="ShellHistory" value="[true | false]"/> <data id="ShellOfflineFiles" value="[true | false]"/> <data id="ShellAccounts" value="[true | false]"/>

Example: show Uploads, History and Offline Files and hide Accounts:

<enabled/> <data id="ShellUploads" value="true"/> <data id="ShellHistory" value="true"/> <data id="ShellOfflineFiles" value="true"/> <data id="ShellAccounts" value="false"/>

For the policy to take effect you have to restart the Windows Explorer process; there is no need to restart KONNEKT.
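Because URIs are case-sensitive and each value has to be a well-formed XML fragment within the limits listed above, it helps to lint the rows before pasting them into the Intune profile. The following checker is an added example, not part of the KONNEKT documentation; `lint_row` and `POLICIES` are hypothetical names, and it assumes numeric values are non-negative and that only the Cache policy requires all of its data elements.

```python
import re
import xml.etree.ElementTree as ET

def one_of(*allowed):
    return lambda v: v in allowed

def int_up_to(limit):  # non-negative integer <= documented maximum (lower bound is assumed)
    return lambda v: v.isdecimal() and int(v) <= limit

BASE, UI = "Konnekt~Policy~Konnekt", "Konnekt~Policy~Konnekt~KonnektUI"
# (area, policy) -> {data id: validator}; {} means a plain on/off policy; bool means "non-empty".
POLICIES = {
    (BASE, "AddAllSharepointLibraries"): {},
    (BASE, "CoAuthoring"): {},
    (BASE, "ConnectDrive"): {"DriveSelect": lambda v: re.fullmatch(r"[F-Z]:", v) is not None},
    (BASE, "Language"): {"LanguageSelect": one_of("en-US", "de-DE")},
    (BASE, "License"): {"License": bool},
    (BASE, "O365SharepointUsage"): {},
    (BASE, "OfflineAttribute"): {},
    (BASE, "SharePointLinkScope"): {"SharepointLinkScopeSelect": one_of("0", "1", "2", "3")},
    (UI, "Cache"): {"CacheTTL": int_up_to(2880), "CacheSize": int_up_to(20000)},
    (UI, "ShowTrayIcon"): {},
    (UI, "PopupReauthenticateAccount"): {},
    (UI, "SharepointSiteQuery"): {"SharepointSiteQuery": bool},
    (UI, "ShellNode"): dict.fromkeys(("ShellUploads", "ShellHistory", "ShellOfflineFiles", "ShellAccounts"), one_of("true", "false")),
}
URI_RE = re.compile(r"\./(Device|User)/Vendor/MSFT/Policy/Config/([^/]+)/([^/]+)")

def lint_row(uri, value):
    """Return a list of problems for one OMA-URI row (empty list means OK)."""
    m = URI_RE.fullmatch(uri)
    if not m or (m.group(2), m.group(3)) not in POLICIES:
        return ["unknown URI (URIs are case-sensitive)"]
    rules = POLICIES[(m.group(2), m.group(3))]
    try:
        root = ET.fromstring(f"<row>{value}</row>")  # the value is an XML fragment
    except ET.ParseError as exc:
        return [f"value is not well-formed XML: {exc}"]
    tags = [child.tag for child in root]
    if tags == ["disabled"]:
        return []
    if tags[:1] != ["enabled"] or set(tags[1:]) - {"data"}:
        return ["value must be <disabled/> or <enabled/> followed by <data .../> elements"]
    data = {d.get("id"): d.get("value", "") for d in root.findall("data")}
    problems = [f"unknown data id {i!r}" for i in data if i not in rules]
    problems += [f"bad value for {i}: {v!r}" for i, v in data.items() if i in rules and not rules[i](v)]
    if m.group(3) == "Cache":  # the page requires both cache values when enabled
        problems += [f"missing {i}" for i in rules if i not in data]
    return problems
```

Call `lint_row(uri, value)` once per row with the concrete `Device` or `User` scope substituted into the URI; any returned message means the row should be corrected before the profile is assigned.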
