Settings for Intune managed devices
Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, The ingested ADMX file is then processed into MDM policies.
For more in information please visit Understanding ADMX-backed policies and Policy CSP

Ingesting KONNEKT ADMX file and deploying policies

In order to set the KONNEKT policies you need to ingest the admx file in a configuration profile first:
1. Go to your Microsoft Endpoint Manager portal 2. Click on Devices, then in the sub-menu go to Configuration profiles 3. Create profile: Select Platform Windows 10 and later, profile type Templates, in search field choose Custom, then Create
4. Now choose a Name for this profile, Next 5. Under Configuration settings:
First you have to ingest the admx file: Add new Row
Click on Add then in the new window:
  • Name: choose a name, e.g. KonnektAdmxIngesting
  • OMA-URI:
  • Data type: String
  • Value: copy the content of this admx file, then Save
Now add all policies you need to assign to clients from the Available Intune Policies.
In the following picture 4 policies are added (as an example) after ingesting the admx file, you can choose the policies you need to push to your clients from the tables Available Intune Policies
6. Assign the policies to groups/users, and Next, Next and Create
After a successful Sync for assigned devices/users restart KONNEKT to apply the new policies.
To check that the URI's have been deployed correctly in your MDM go to Devices -> Windows -> your Device -> Device configuration -> your configuration profile
To check configured URI's on the machine go to the following path in the Registry:
[HKCU or HKLM]\SOFTWARE\Policies\GlueckKanja\Konnekt
Choose HKCU for user policies or HKLM for machine policies.

Available Intune Policies

In the following table are the URI's and possible values for KONNEKT settings, to deploy them in Intune MDM please check here
The data type is "string" for all settings.
URI's are case-sensitive!
Don't forget to choose where the policy should be deployed (Device or User side)
Policy Name
Automatically add all SharePoint libraries
<enabled/> or <disabled/>
Add all additional SharePoint document libraries (besides the default one)
<enabled/> or <disabled/>
Connect Drive
<enabled/> <data id="DriveSelect" value="F:"/> or <disabled/>
value from F: to Z:
<enabled/> <data id="LanguageSelect" value="en-US"/>
value en-US or de-DE
Set License Key
<enabled/> <data id="License" value="your key"/>
SharePoint Usage
<enabled/> or <disabled/>
Add SharePoint sites on O365 accounts
Offline Attribute
<enabled/> or <disabled/>
available only for OneDrive sites
Offline Attribute Filter
<enabled/> <data id="OfflineAttributeFilter" value="<your list of extensions>"/>
see here for more details.
Default SharePoint link scope
<enabled/> <data id="SharepointLinkScopeSelect" value="see [1]"/>
Following policies are applicable to version 2.0 and above
Policy Name
<enabled/> <data id="CacheTTL" value="see [2]"/>
<data id="CacheSize" value="see [2]"/>
Hide/Show Tray Icon
<enabled/> or <disabled/>
Account Re-authentication UI
<enabled/> or <disabled>
SharePoint Site Query
<enabled/> <data id="SharepointSiteQuery" value="your query"/>
Konnekt Explorer UI
<enabled/> <data id="see [5]" value="true/false"/>
Select the default link scope for links created on SharePoint files, value can be:
  • 0: Default company setting
  • 1: Anonymous
  • 2: Organisation
  • 3: Disabled

[2] Cache: This policy defines the caching behavior of Konnekt

Konnekt uses the cache for different purposes
  • Files that are currently open by the user
  • Files that need to be uploaded (write cache)
  • Files that are closed (read cache)
The maximum value of CacheTTL is 2880 (Time in minutes)
The maximum value of CacheSize is 20000 (Size in megabytes), if zero (0), the cache size will be calculated from free disk space (default)
The cache operates in different pressure states:
  • Normal pressure: The cache is utilized below critical values. Closed files will be kept in the read cache up to the TTL value.
  • High read pressure: The cache is filled up with too many closed files. The read cache will be deleted. High write pressure: The cache is holding lots of files queued for upload. Further write operations will be throttled in order to empty the upload queue.
  • Critical write pressure: The cache is nearly filled up with files queued for upload. Further write operations will be throttled significantly in order to empty the upload queue.
  • Cache full: The cache is completely occupied. Requests to open further files will be rejected.
Both need to have a value configured if enabled!
<enabled/> <data id="CacheTTL" value="1440"/> <data id="CacheSize" value="10000"/>

[3] Account Re-authentication UI

This policy controls if the login dialog pops up immediately if an account needs to be re-authenticated. If the policy is enabled, the login dialog is shown. If the policy is disabled, only an error is indicated in the tray and explorer.

[4] SharePoint Site Query

This policy controls the query string used to find SharePoint sites.
The site query needs to be expressed in KQL. You can find general KQL documentation here:

[5] Konnekt Explorer UI

This policy defines which components of the Konnekt explorer node are shown and which are not.
Konnekt has 4 components shown in Explorer window: Uploads, History, Offline Files, and Accounts
With the following policy values you can control them:
<data id="ShellUploads" value="[true | false]"/> <data id="ShellHistory" value="[true | false]"/> <data id="ShellOfflineFiles" value="[true | false]"/> <data id="ShellAccounts" value="[true | false]"/>
Example: show Uploads, History and Offline Files and hide Accounts:
<enabled/> <data id="ShellUploads" value="true"/> <data id="ShellHistory" value="true"/> <data id="ShellOfflineFiles" value="true"/> <data id="ShellAccounts" value="false"/>
To get the policy effect you have to restart the Windows Explorer process, no need to restart KONNEKT
Last modified 6d ago