VMware Dynamic Environment Manager (DEM) is a tool designed for user profile management through dynamic policy configuration. It provides an easy way of managing application settings and user customizations, providing end-users with a personalized desktop experience across any virtual, physical and cloud-based Windows desktop environment.
In this post, I am going to explain how VMware Dynamic Environment Manager (DEM)
(v2111 onwards) and Microsoft OneDrive Sync feature enables to store of user profile archives at the OneDrive root of the logged-in user.
Prerequisites for Integration
On-premises AD federation with Azure AD
On-premises AD sync with Azure AD using ADConnect
Azure AD Multi-Tenant App
SMB Share for VMware DEM FlexEngine Configuration file path
VMware DEM FlexEngine profile archive path
SMB share is not needed for profile archives and logs with this feature. However, FlexEngine needs an SMB share for Flex configuration file.
Steps
Install Dynamic Environment Manager v2111 or latest
Provision the Dynamic Environment Manager Azure AD app by accessing the following URL.
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=c504654f-97ac-4e31-ba2c-d8cb284bb948
Replace {tenant-id} of the above URL with the tenant ID of the organization.
Note: Ensure that you have logged in to the tenant as an administrator.
Post app provision, login to Azure portal and validate the apps settings ( All services >> App registrations )
3. Configure DEM for OneDrive Settings using GPO or NoAD.xml
NoAD Mode Deployment Type
Update NoAD.xml with below additional attributes for (ADFS federation)
ProfileArchivePath="<Local path for Profile Archive during logon>"
OneDriveLogDirectory="<Local path for logs OneDrive during logon>"
OneDriveEnabled="1"
LogFileName="<Local path for flexengine log>"Update NoAD.xml with below attributes non-ADFS federation (like Workspace ONE Access)
ProfileArchivePath="<Local path for Profile Archive during logon>"
OneDriveLogDirectory="<Local path for logs OneDrive during logon>"
LogFileName="<Local path for flexengine log>"
OneDriveEnabled="1"
IsIWA="0"
DomainHint="<Customer Domain name>"AD Mode Deployment Type
Copy the ‘VMware DEM OneDrive for Business’ ADMX template files to Active Directory PolicyDefinition and configure below settings.
OneDrive for Business Integration = <Enabled> & Provide the Log Directory Name
By default, this feature uses ADFS federation.
If you are having a non-ADFS federation like Workspace ONE Access, then enable interactive authentication. Domain name is mandatory for interactive authentication
Interactive authentication
Interactive authentication = <Enabled> & Provide the domain name
Validation
Login to VDI and make the required changes to your application or browser, then check the settings are exported to your OneDrive root directory, as shown below.
For more information, checkout the VMware product documentation VMWare Dynamic Environment Manager Product Page
I hope this will help you for storing user profile archive files in OneDrive and roam user settings across any device.
Please stay tuned for more upcoming DEM posts !!