GPO Computer Configuration applied to group of users

6,224

Unfortunately, this can't be done. You can't apply or filter Computer Configuration settings to users.

What you could do would be to use Software Restriction Policies under User Configuration settings to block the OneDrive executable. You could then filter this GPO for specific Users or Groups.


Author: Kev

Updated on September 18, 2022

Comments

  • Kev
    Kev almost 2 years

    I'm currently struggling with the following issue: in our organisation we want to prevent most users from accessing OneDrive. I found the following GPO setting in Computer Configuration to establish this:

    Administrative Templates/Windows Components/OneDrive/Prevent the usage of OneDrive for file storage
    

    However management should be allowed to use OneDrive so I created a Global Security Group containing all the management users, 'GRP_ALLOW_ONEDRIVE'.

    Now we have 2 OUs: one containing the users & one containing the computers. So I link this GPO to the COMPUTERS OU & add a deny in the Security Settings for that specific group of users...

    But this doesn't seem to work, which I should've guessed in the first place because it's Computer Configuration...

    So basically my question comes down to this:

    How can I successfully create a GPO in the COMPUTERS OU to disable OneDrive except for the users in the exception group? It should not matter what computer the management logs on to, they should always have access to OneDrive. All other users should not be able to start OneDrive, no matter what computer they log on to.

    Thanks!

    • Mer
      Mer almost 8 years
      It doesn't work because it's a Computer GPO setting and your group contains only users.
    • jojojoj
      jojojoj almost 8 years
      If you're new to GPOs, I thought it was worth mentioning that sometimes the same setting appears under both the User config and the Computer config sections. For those kinds of settings you could deploy them to either target type. But I just checked a Win10 and see that this setting is only avail within the computer section. A limiting design choice on Microsoft's part...
  • Kev
    Kev almost 8 years
    I tried this solution and it seems to work. Deleted the Computer Configuration setting & added a User Software Restriction Policy for %LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe. Now the executable is blocked for all users except for the management who reside in the security group with a deny for this GPO. I also updated a registry key to hide the OneDrive from the navigation pane because it added itself even though the exe is blocked. HKCU\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\System.IsPinnedToNameSpaceTree = 0
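
A check for the setup described in the last comment, added here as an example (not code from any poster on this page): run in the logged-on user's session, it reports whether the user is in GRP_ALLOW_ONEDRIVE, whether a Disallowed SRP path rule for OneDrive.exe reached their HKCU policy hive, and the navigation-pane value. It assumes the rule was created as a Disallowed path rule, which Windows stores under `Safer\CodeIdentifiers\0\Paths`; the function names are illustrative.

```powershell
# Added example: run as the user being checked (no elevation needed).
$ExceptionGroup = 'GRP_ALLOW_ONEDRIVE'   # group name from the question
$BlockedPath    = '%LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe'
$ClsidKey       = 'HKCU:\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}'
# Assumption: the GPO uses a Disallowed (level 0) path rule under User Configuration.
$SrpPaths       = 'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

function Test-InExceptionGroup {
    # Group SIDs come from the logon token, so membership changes need a fresh logon.
    foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
        try   { $name = $sid.Translate([Security.Principal.NTAccount]).Value }
        catch { continue }   # SID that cannot be resolved right now
        if ($name -like "*\$ExceptionGroup") { return $true }
    }
    return $false
}

function Test-SrpBlocksOneDrive {
    if (-not (Test-Path $SrpPaths)) { return $false }
    $want = [Environment]::ExpandEnvironmentVariables($BlockedPath)
    foreach ($rule in Get-ChildItem $SrpPaths) {
        # Each rule is a {GUID} subkey whose ItemData value holds the path.
        $item = (Get-ItemProperty -Path $rule.PSPath).ItemData
        if ($item -and [Environment]::ExpandEnvironmentVariables($item) -ieq $want) {
            return $true
        }
    }
    return $false
}

function Get-NavPanePinned {
    # Returns $null when the value is absent, 0 when OneDrive is hidden.
    (Get-ItemProperty -Path $ClsidKey -ErrorAction SilentlyContinue).'System.IsPinnedToNameSpaceTree'
}

$exempt  = Test-InExceptionGroup
$blocked = Test-SrpBlocksOneDrive
[pscustomobject]@{
    User             = "$env:USERDOMAIN\$env:USERNAME"
    InExceptionGroup = $exempt
    SrpRulePresent   = $blocked
    NavPanePinned    = Get-NavPanePinned
    # Exempt users should have no rule; everyone else should have it.
    AsExpected       = ($exempt -ne $blocked)
}
```

If `AsExpected` is False, `gpresult /r /scope user` shows which GPOs were applied to or filtered out for that user.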