
A few days have passed, but Microsoft has released two new group policies for OneDrive version 25.173.0904.0001 dated September 4, 2025.
Although Microsoft has not yet published anything on Learn.microsoft.com, here is a brief description:
Policy name (ADMX): SharePointOnPremOIDC
GPO display name: SharePoint On-Prem OIDC Authentication
OneDrive version: 25.173.0904.0001 (September 4, 2025)
Registry path: HKLM\SOFTWARE\Policies\Microsoft\OneDrive
Value type: REG_DWORD
Policy name (ADMX): SharePointOnPremApplicationIdUri
GPO display name: Specify the Application ID URI for your Entra application (OIDC)
OneDrive version: 25.173.0904.0001 (September 4, 2025)
Registry path: HKLM\SOFTWARE\Policies\Microsoft\OneDrive
Value type: REG_SZ
🔐 SharePointOnPremOIDC
Description:
This policy enables OpenID Connect (OIDC) support for authentication between the OneDrive sync client and local SharePoint servers (on-premises).
When enabled, the OneDrive client attempts to authenticate against an application registered in Microsoft Entra ID using the OIDC flow instead of using classic NTLM, Kerberos, or AD FS-based methods.
Registry entry:
Path: HKLM\SOFTWARE\Policies\Microsoft\OneDrive
Name: SharePointOnPremOIDC
Type: REG_DWORD
Values:
1 = Enabled (OneDrive uses OIDC for on-premises SharePoint)
0 = Disabled (default, classic authentication)
Note:
This setting only takes effect if the server side (SharePoint) also supports OIDC – e.g., SharePoint Server Subscription Edition 2024 with Entra integration enabled.
🧭 SharePointOnPremApplicationIdUri
Description:
This policy sets the application ID URI of the Entra app used for the OIDC flow between the OneDrive client and the local SharePoint server. The URI identifies the local SharePoint resource in the token exchange process.
Registry entry:
Path: HKLM\SOFTWARE\Policies\Microsoft\OneDrive
Name: SharePointOnPremApplicationIdUri
Type: REG_SZ
Expected input:
- Example (Entra Resource Identifier): api://11111111-2222-3333-4444-555555555555
- or named URI: https://sharepoint.contoso.local/onedrive-oidc
Note:
This URI must exactly match the value of the Application ID URI in the corresponding app registration in the Microsoft Entra Admin Center. Any discrepancies will prevent OneDrive from receiving valid tokens from the Entra endpoint.
⚙️ Technical notes
- These policies are not included in the official Microsoft documentation (as of October 2025).
- The texts in the ADML file are currently not localized (empty string IDs).
- The goal is presumably to introduce modern authentication for on-premises environments to replace classic ADFS or Kerberos scenarios.
- The policies apply system-wide (under HKLM) and are evaluated when the OneDrive client is started.
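To check a client against the two policies above, the following PowerShell audit reads both values, verifies their registry types, and compares the configured URI with the one from the app registration. It is an added example, not code from Microsoft or from the original post; the `$ExpectedUri` default is the sample URI from this page, and the requirement that an enabled OIDC policy comes with a URI is an assumption.

```powershell
# Added example (not from the original post). $ExpectedUri is a placeholder:
# pass the Application ID URI from your own Entra app registration.
param([string]$ExpectedUri = 'api://11111111-2222-3333-4444-555555555555')

$path     = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
$findings = [System.Collections.Generic.List[string]]::new()
$key      = Get-Item -Path $path -ErrorAction SilentlyContinue
if (-not $key) { 'OneDrive policy key not present; neither policy is configured.'; return }
$names = $key.GetValueNames()

# SharePointOnPremOIDC: REG_DWORD, 1 = enabled, 0 = disabled (default when absent)
$oidc = 0
if ($names -contains 'SharePointOnPremOIDC') {
    if ($key.GetValueKind('SharePointOnPremOIDC') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $findings.Add('SharePointOnPremOIDC is not REG_DWORD')
    } else {
        $oidc = $key.GetValue('SharePointOnPremOIDC')
        if ($oidc -notin 0, 1) { $findings.Add("SharePointOnPremOIDC has unexpected value $oidc") }
    }
}

# SharePointOnPremApplicationIdUri: REG_SZ holding the Application ID URI
$uri = $null
if ($names -contains 'SharePointOnPremApplicationIdUri') {
    if ($key.GetValueKind('SharePointOnPremApplicationIdUri') -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $findings.Add('SharePointOnPremApplicationIdUri is not REG_SZ')
    } else {
        $uri = [string]$key.GetValue('SharePointOnPremApplicationIdUri')
    }
}

# Assumption: an enabled OIDC policy is always deployed together with the URI policy.
if ($oidc -eq 1 -and [string]::IsNullOrEmpty($uri)) {
    $findings.Add('OIDC is enabled but no Application ID URI is configured')
}

# The post requires an exact match; ordinal comparison is this example's reading of "exact".
if ($uri -and -not [string]::Equals($uri, $ExpectedUri, [System.StringComparison]::Ordinal)) {
    if ($uri.Trim().TrimEnd('/') -ieq $ExpectedUri.Trim().TrimEnd('/')) {
        $findings.Add("URI differs only in case, whitespace or trailing slash: '$uri'")
    } else {
        $findings.Add("URI '$uri' does not match expected '$ExpectedUri'")
    }
}

if ($findings.Count) { $findings } else { "OK: OIDC=$oidc, URI='$uri'" }
```

Because the policies are read when the OneDrive client starts, restart the client after correcting a value and run the audit again.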