• Santosh Kumar Behera

Integrating VMware Dynamic Environment Manager with OneDrive for Business

VMware Dynamic Environment Manager (DEM) is a tool designed for user profile management through dynamic policy configuration. It provides an easy way of managing application settings and user customizations, providing end-users with a personalized desktop experience across any virtual, physical and cloud-based Windows desktop environment.

In this post, I am going to explain how VMware Dynamic Environment Manager (DEM)

(v2111 onwards) and Microsoft OneDrive Sync feature enables to store of user profile archives at the OneDrive root of the logged-in user.


Prerequisites for Integration

  • On-premises AD federation with Azure AD

  • On-premises AD sync with Azure AD using ADConnect

  • Azure AD Multi-Tenant App

  • SMB Share for VMware DEM FlexEngine Configuration file path

  • VMware DEM FlexEngine profile archive path

SMB share is not needed for profile archives and logs with this feature. However, FlexEngine needs an SMB share for Flex configuration file.

Steps

  1. Install Dynamic Environment Manager v2111 or latest

  2. Provision the Dynamic Environment Manager Azure AD app by accessing the following URL.

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=c504654f-97ac-4e31-ba2c-d8cb284bb948


Replace {tenant-id} of the above URL with the tenant ID of the organization.

Note: Ensure that you have logged in to the tenant as an administrator.


Post app provision, login to Azure portal and validate the apps settings ( All services >> App registrations )


3. Configure DEM for OneDrive Settings using GPO or NoAD.xml


NoAD Mode Deployment Type

Update NoAD.xml with below additional attributes for (ADFS federation)

ProfileArchivePath="<Local path for Profile Archive during logon>"
OneDriveLogDirectory="<Local path for logs OneDrive during logon>"
OneDriveEnabled="1"
LogFileName="<Local path for flexengine log>"

Update NoAD.xml with below attributes non-ADFS federation (like Workspace ONE Access)

ProfileArchivePath="<Local path for Profile Archive during logon>"
OneDriveLogDirectory="<Local path for logs OneDrive during logon>"
LogFileName="<Local path for flexengine log>"
OneDriveEnabled="1"
IsIWA="0"
DomainHint="<Customer Domain name>"

AD Mode Deployment Type

Copy the ‘VMware DEM OneDrive for Business’ ADMX template files to Active Directory PolicyDefinition and configure below settings.

OneDrive for Business Integration = <Enabled> & Provide the Log Directory Name

By default, this feature uses ADFS federation.


If you are having a non-ADFS federation like Workspace ONE Access, then enable interactive authentication. Domain name is mandatory for interactive authentication

Interactive authentication

Interactive authentication = <Enabled> & Provide the domain name

Validation

Login to VDI and make the required changes to your application or browser, then check the settings are exported to your OneDrive root directory, as shown below.

For more information, checkout the VMware product documentation VMWare Dynamic Environment Manager Product Page


I hope this will help you for storing user profile archive files in OneDrive and roam user settings across any device.

Please stay tuned for more upcoming DEM posts !!


105 views