Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

What is Azure Active Directory Enterprise State Roaming?

In today’s Ask the Admin, I’ll walk you through Microsoft’s Azure Active Directory Enterprise State Roaming (ESR) feature, which is available for customers with an Azure Active Directory Premium subscription.

If your organization uses Azure Active Directory (Azure AD), or Azure AD and Windows Server Active Directory, Enterprise State Roaming brings the ability to sync user settings and app data between devices, much like what is provided in Windows 10 by using a Microsoft Account and OneDrive.

Sync your settings in the Windows 10 Settings app with Azure Active Directory Enterprise State Roaming (Image Credit: Russell Smith)

Azure AD is the directory services cloud-based sibling of Windows Server Active Directory. It provides a subset of AD’s features to customers in the cloud. ESR can be used in conjunction with Azure AD to provide the benefits of synchronized settings, as enjoyed by consumers using Microsoft Accounts, but with the extra security required by business. For more information, see Join Windows 10 to Azure Active Directory on the Petri IT Knowledgebase.

Unlike consumer synchronization capabilities in Windows, Enterprise State Roaming gives organizations the control needed to make sure data stays safe, and that it is separated from consumer account data. ESR settings and app data are stored in an Azure region that’s selected based on the country associated with the Azure Active Directory tenant, and ESR provides control and visibility over who is syncing what.

ESR uses Azure Rights Management (Azure RMS) to ensure that data is encrypted before it leaves Windows, and that it remains encrypted when at rest in the cloud, with the exception of namespaces that represent ‘settings’ names and modern Windows apps. A separate subscription for Azure RMS isn’t required to use Enterprise State Roaming.

Windows 10 devices – Version 1511, Build 10586 or greater – joined to Azure AD can still have Microsoft Accounts. But OS settings and app data will only roam with the primary Azure AD account, although Microsoft plans to add multiple identity support in a future version of Windows. Equally, logging into a personal device using a Microsoft Account doesn’t support synching of roaming data for apps purchased using an Azure AD account.

How to Enable Enterprise State Roaming in Azure Active Directory

To enable Enterprise State Roaming, follow the instructions below.

Log in to the Azure management portal.
Scroll down the menu on the left and click Active Directory.
Select a directory on the right and switch to the CONFIGURE tab.
If your region and subscription support ESR, you’ll see USERS MAY SYNC SETTINGS AND ENTERPRISE APP DATA under the available settings.
From there you can select ALL, SELECTED or NONE, which is the default setting.

ALL allows you to enable ESR for all users, and SELECTED allows you to choose specific users or groups.

Once you’ve picked the desired setting, click SAVE.

User synchronization settings can be set under Accounts in the Windows 10 Settings app.

by Russell Smith
Last Update: Jul 27, 2022
May 17, 2016

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

Top Azure Cloud Security Controls to Understand

Oct 31, 2023
Jan 08, 2024
Making Microsoft Azure Penetration Testing Work to Combat Threats

Nov 21, 2023
Azure VMware Solution – Maximizing Security and Control with Customer-Managed Keys

Oct 3, 2023
Oct 10, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.