
In today’s Ask the Admin, I’ll walk you through Microsoft Azure’s new Enterprise State Roaming (ESR) feature, which was made available as a preview in early February for customers with an Azure Active Directory Premium subscription.
If your organization uses Azure Active Directory (Azure AD), or Azure AD and Windows Server Active Directory, Enterprise State Roaming brings the ability to sync user settings and Universal Windows Platform (UWP) app data between devices, much like what is provided today in Windows 10 by using a Microsoft Account and OneDrive.
Sync your settings in the Windows 10 Settings app (Image Credit: Russell Smith)
Azure AD is the cloud-based directory service sibling of Windows Server Active Directory, providing a subset of AD’s features to customers in the cloud. ESR can be used in conjunction with Azure AD to provide the benefits of synchronized settings, as enjoyed by consumers using Microsoft Accounts, but with the extra security required by business. For more information, see What is Azure Active Directory? and Join Windows 10 to Azure Active Directory on the Petri IT Knowledgebase.
Unlike consumer synchronization capabilities in Windows, Enterprise State Roaming gives organizations the control needed to make sure data stays safe, and separated from consumer account data. ESR settings and app data are stored in an Azure region that’s selected based on the country associated with the Azure Active Directory tenant, and ESR provides control and visibility over who is syncing what.
ESR uses Azure Rights Management (Azure RMS) to ensure that data is encrypted before it leaves Windows 10, and remains encrypted when at rest in the cloud, with the exception of namespaces that represent ‘settings’ names and UWP apps. A separate subscription for Azure RMS isn’t required to use Enterprise State Roaming.
Windows 10 devices (Version 1511, Build 10586 or greater) joined to Azure AD can still have Microsoft Accounts, but OS settings and app data will only roam with the primary Azure AD account. Microsoft plans to add multiple identity support in a future version of Windows 10. Equally, logging in to a personal device using a Microsoft Account doesn’t support syncing of roaming data for apps purchased using an Azure AD account.
To enable Enterprise State Roaming, follow the instructions below.
ALL allows you to enable ESR for all users, and SELECTED allows you to choose specific users or groups.
User synchronization settings can be set under Accounts in the Windows 10 Settings app.
Copyright ©2019 BWW Media Group