Can OneDrive Silent Login work even without SSO configured on non-persistent VDI?

Diellza Marmullaku 40 Reputation points
2025-03-11T07:35:42.6733333+00:00

Hello

I’m hoping to get some insights from anyone on OneDrive and non-persistent VDI since I seem to be stuck and cannot solve this issue for our users. I appreciate any advice or input.

General Question:

  • Is it even possible for OneDrive Silent Login to work without SSO in a Non-Persistent VDI setup?
  • I’ve read that OneDrive, Teams, and other M365 apps each use different authentication methods for sign-in—can anyone confirm if that’s the case?

Now to our issue:
We are facing an issue where Silent Sign-In for OneDrive does not work in our Non-Persistent VDI environment. The OneDrive icon in the icon tray tries to connect, but it never works. Users must manually log in to OneDrive after each session, despite having their accounts synchronized to Microsoft Entra ID.

Details about our environment:

  • Infrastructure: VMware Horizon-based Non-Persistent VDIs (Linked Clones)
  • Profile Management: FSLogix for user profile persistence
  • OS: Windows 10
  • Identity Management: Synchronized users Devices domain-joined (On-Prem AD) but not Hybrid Azure AD Joined.
  • No direct SSO/Seamless Sign-On configured: That is because within our Domain contains multiple clients and SSO has already been activated for our biggest client.
  • Users are hybrid and are synchronized to Microsoft Entra ID via Azure AD Connect.
    Our goal is to enable Silent Sign-In for OneDrive without requiring full Hybrid Azure AD Join or SSO, as the VDIs are non-persistent and reset after each session.
  • Hybrid Join using the SCP in the azure AD Connect is already enabled for another client in our domain too.

Steps we've taken so far:

  • Enabled GPO "Silently sign in users to the OneDrive sync app with their Windows credentials"
  • Enabled GPO "Automatically workplace join client computers" under Device Registration (does not seem to work), the VDI sessions do not get registered in Entra ID.
  • DmEnrollmentSvc Service is activated on the Golden Image and is therefore now running on the linked Clients too.

Does anyone know or have an input as to what we could test next?

Microsoft 365 and Office | OneDrive | For business | Windows
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Emi Zhang-MSFT 30,051 Reputation points Microsoft External Staff
    2025-03-12T01:35:40.3533333+00:00

    Hi,

    It sounds like you're dealing with a complex setup. Let's break down your questions and issues:

    General Question:

    1. Is it possible for OneDrive Silent Login to work without SSO in a Non-Persistent VDI setup? Generally, OneDrive Silent Login relies on SSO to authenticate users seamlessly. Without SSO, users typically need to manually log in each session. However, there are configurations that might help mitigate this issue, such as using FSLogix for profile management and ensuring the OneDrive sync client is installed per machine.
    2. Do OneDrive, Teams, and other M365 apps use different authentication methods for sign-in? Yes, different Microsoft 365 apps can use varied authentication methods. For example, Teams supports cloud-only, hybrid, and federated identity models45. OneDrive typically uses the user's Windows credentials for silent sign-in, but this requires the device to be Azure AD joined.

    Your Issue:

    You've enabled relevant GPOs and activated necessary services, but the VDI sessions aren't registering in Entra ID.

    Suggestions:

    1. Ensure OneDrive Sync Client Installation: Make sure the OneDrive sync client is installed per machine, not per user. This can improve the login process in non-persistent environments.
    2. Check FSLogix Configuration: Verify that FSLogix is correctly configured to handle user profiles and OneDrive settings. Ensure you're using the latest versions of FSLogix and OneDrive.
    3. Review Device Registration: Since your VDI sessions aren't registering in Entra ID, double-check the configuration of the "Automatically workplace join client computers" GPO and ensure the DmEnrollmentSvc service is running correctly.
    4. Network Utilization Planning: High network I/O during login can affect performance. Review Microsoft's guidelines on network utilization planning for OneDrive.

    I also suggest you refer to these support articles to get more information:

    https://learn.microsoft.com/en-us/sharepoint/sync-vdi-support

    https://tech.tristantyson.com/VMwareHorizonOneDrive

    Just checking in to see if the information was helpful. Please let us know if you would like further assistance.


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.