There are a handful of ways that you can use Microsoft Intune to map a network drive, with the primary methods adopted being via a script or configuration profile.Â
In this tutorial, I am going to show you how to map a network drive on your managed computer by using a configuration profile with an imported ADMX (Administrative template) file.Â
In my example, I am going to be focusing on mapping a network drive, with the letter G, to a share on a server local to my workstation, by the shares UNC path.Â
Requirements
- You must be an Intune Administrator to complete the tasks in this guide.
- The workstation you are deploying the mapped drive to must have connectivity to your local server hosting the share.
- The workstation can be local Active Directory joined and managed through Intune or joined to Azure Active Directory. If it is joined to Azure Active Directory and you are connecting to a network share on a local Active Directory network, you must have Azure AD Connect configured and working as well as a correctly configured DNS suffix handed out by DHCP.Â
Using mapped drives with Azure AD joined devices
A key step to modernising your approach to device management is removing your workstations from your local active directory and joining them to Azure Active Directory (making them AAD joined). That is its self can be quite a task depending on the environment, however focusing on authentication to member servers in your on-premise estate, Microsoft have made this process simple.Â
Thankfully, with the use of Azure AD Connect or Azure AD Cloud Sync, you can reap the benefits of the Single Sign-on experience (SSO) between Azure Active Directory and your on-premise services, such as application access, network file shares and printing.
Import the mapped drive ADMX files to Intune
To support and ability to use configuration profile in Intune to deploy mapped drives, we first need to import the custom ADMX files which will add this functionality.
There are 2 AMDX files we need to upload, the primary being the DriveMapping.admx file and the second being the Windows.admx file as a prerequisite. You can download them directly from my site here, or view them on my GitHub here.
To get the pre-requisite files, you can copy them from your own Windows 10/11 workstation at the following locations:
- C:\Windows\PolicyDefinitions\Windows.admx
- C:\Windows\PolicyDefinitions\en-US\Windows.adml
If you attempt to upload the DriveMapping.admx files without the pre-requisites, you will get the following error:
The upload of this ADMX file has failed. To continue, you will need to delete this upload, address the action in the error details and try again.
You can verify the prerequisites of any ADMX file but opening the ADMX in a text editor of your choice and analysing the information between <policyNamespaces> </policyNamespaces>. In our case, we can see the following:
<policyNamespaces>
<target prefix="DriveMapping" namespace="DriveMapping.Policies.DriveMapping" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
Specifically, the pre-requisite is defined by:
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
To upload the ADMX files to Intune, follow these steps:
2. Select Devices > Configuration profiles > Import ADMX.
3. Click Import and upload the Windows.admx and Windows.adml files, then click Next.
4. On the last page, click Create. You will see the upload of the file immediately in progress.
After a few seconds, click refresh and the status will turn to Available.
5. Click Import again, but this time upload the DriveMapping.admx and DriveMapping.adml files.
6. When all the files have been uploaded, the Import ADMX page should look like the following:
Deploy mapped drives with an Intune Configuration Profile
To deploy your mapped drive via a configuration profile, follow the below steps:
1. From the Microsoft Intune Home page, select Devices >Â Configuration profile > Create profile.
2. In the Create a profile window, select the Windows 10 and later platform and Profile type Templates. From the list of templates, select Imported Administrative templates and click Create.
3. Enter a meaningful name and description.
4. Expand the User configuration settings and click on the drive letter that you want to configure.
5. In the pop-out window, select Enabled and enter the remote path for the mapped drive, then click OK.
6. Continue to click through the wizard until you reach the Assignments page. Assign the configuration profile to the relevant group of users.
7. Click Next then Create.
Checking the deployment
Once the configuration profile is deployed we can review the assignment status from the overview tab of the configuration profile, wait until the deployment is succeeded.
On your workstation the drive should be mapped as expected.
Summary
In this tutorial, I have provided in detail, the steps to deploy a mapped drive using Intune and the AMDX deployment method, which in my option in the simplest and most convenient.
Hi Daniel,
I tried this and it did not map the drives. I assigned this to a user group and waiting for a long time (Intune policy status says pending for users). My devices are AAD only and the users access the On-prem via VPN.
Hi Mohammed,
Even without line of sight to the file server, the drive should still map. Can you access one of the machines and run a sync (or ask a user to run a sync), then have them sign out and back in.
Hi Daniel,
It finally mapped the drives, but took some time. The devices were able to sync, I even had the users reboot so that Intune forces the policy.
All good!.
Thanks
Thank you.
This worked perfectly. All other methods failed for me!!!
I am running into errors with this trying to map a SharePoint Library via url. It works manually but not when doing either of these methods.
I have tried the following for the file paths:
($site is just my site name I removed for this post)
\\company.sharepoint.com@SSL\DavWWWRoot\sites\$site
https://company.sharepoint.com/sites/$site/Shared%20Documents
I don’t imagine legacy SharePoint mappings are supported. I cannot foresee a valid reason you would do this, just use OneDrive 🙂
Hi, so i used this method and have encountered 2 users that had issues. First user the map drives were gone but when you go into net use, it would say they are mapped.
The second user the mapp drives were gone but they were not in the net use.
Now how do i re run the policy if intune thinks everything is valid so it is not re-applying the drives?
Hi Joshua,
Did this work with every other user? I’m not sure I can offer much help in isolated scenarios…
However, in most cases a system reboot has fixed.
Thank you
Dan
Just curious if there is a benefit to using this method over a PowerShell script? I am just starting to venture down this route and want to make sure I know the pros/cons of each method.
This method is a little simpler and at a glance anyone can login to the portal and see what is happening. With PowerShell, once you upload the file, you have to grab it down and convert it so it is readable and then deduce what it is doing later down the line.
Ultimately, it is up to you…
We are getting the drives mapped, but they can’t connect – while typing in a fully qualified name into file explorer works through our VPN. We attempted to update the path with the FQDN but it still shows X and errors on open
Hi Nigel,
There won’t be any validation done when the drive is mapped. If there is connectivity it should work.
I really like the simplicity and flexibility of this method, the issue that I am finding is that the policies stay in a pending state forever. It seems like I have to reboot and run several syncs before I can get the policy to apply and have the drive mappings apply, then they need to reboot again to show up.
Am I missing something? I have a group of Windows 365 workstations that need to mount drives based on Azure AD groups. So obviously the user needs to be logged in while the policy run and then they need to log off and back on for them to show up. It just seems to be taking forever for the policies to apply.
Hi!
That’s odd, generally speaking I have found that when I push through a manual sync on the device, either through the portal or through Windows settings, the policy applies very quickly. This is just while testing with an Azure AD joined and Windows 11 virtual machine hosted in Azure.
I have deploy to many client who are running both Windows 10 and 11 on Azure AD Joined laptop, that its always been very smooth, but I never set expectations that Intune will do anything quickly!
However, I have not tested with Windows 365 workstations. I don’t believe this is would necessarily be an issue with the Drive mapping, but just the nature of Intune itself.
i have simaliar experince with this, i have Drive mapping assigned to a User group in Azure, that put members in their based of the security group which gives access.
I can also see my ADD joined device, with status pending, but never seem to switch. Like the client doesnt recognize my user logged on to the device, since all where i see successfull i can see it put on to a user.
I have tried restarting the client serveral times, also running manuel sync both from company portal and Accounts in settings.
Nothing happends.
Hi, I am used your tutorial and at this point I cannot really say if it works. It is still on pending. My Question is, with which credentials is this drive mapped? With the credentials of each individual user? On the other site not every device is displayed on the pending status, my device is missing somehow? What am I doing wrong?
Hi Boris, did this map in the end?
Hi, is there or will there be an option to use this with passwords? For example, a NAS server outside the domain that utilizes local users.
Hi Simon, nothing within the same configuration profile no. You should integrate the NAS with your identity provider.
Hi,
So, I just gave this a try and it fails from the beginning. When I try to import the two files I just keep getting “Import failed” error.
I tried the files from the ZIP and also downloaded them from GitHub, in both cases the same.
I’m elevated to Intune Admin.
Any suggestions?
Is this still not working? it uploads fine for me, do you get a specific error?
Does this tattoo the device. if the mapped drive is no longer needed do i need to deploy a policy to disable before removing the policy?
Hi Adrian, no it shouldn’t tattoo the device.