Enterprise State Roaming: What does it do?

If you are a Windows user, you may be familiar with the concept of settings and app data sync. This feature allows you to have a consistent and personalized experience across your Windows devices, by synchronizing your preferences, themes, passwords, browser data, and more. However, if you are using a Microsoft Entra account to sign in to your devices, you may wonder how this feature works in an enterprise environment, where security and compliance are paramount. This is where Enterprise State Roaming comes in.

What is Enterprise State Roaming?

Enterprise State Roaming is an optional feature for organizations that use Microsoft Entra ID or a hybrid of Microsoft Entra ID and on-premises Active Directory. It enables users to securely sync their user and app settings data to the cloud, using Azure storage and encryption. This means that users can have the same experience no matter which Windows device they sign in to, as long as the device is authenticated using a Microsoft Entra identity.

It is similar to the standard consumer settings sync that was first introduced in Windows 8, but with some key differences:

  • Data is stored in one or more Azure regions that best align with the country/region value set in the Microsoft Entra instance. The data is not replicated across regions, and it is subject to the same data sovereignty policies as other Microsoft Entra services.
  • Data is encrypted at rest and in transit using Azure Rights Management Services (Azure RMS). The encryption keys are managed by the organization, not by Microsoft. This ensures that only authorized users and devices can access the data.
  • Data is audited and monitored by Azure Active Directory (Azure AD). Administrators can view per-user device sync status reports and troubleshoot issues using the Microsoft Entra admin center.
  • Available to any organization with a Microsoft Entra ID P1 or P2 or Enterprise Mobility + Security (EMS) license. For more information on how to get a Microsoft Entra subscription, see the Microsoft Entra product page.

What does Enterprise State Roaming sync between devices?

Enterprise State Roaming syncs two types of data between devices: Windows settings and app data.

Windows settings

Windows settings are the preferences and configurations that affect the overall look and feel of Windows, such as theme, wallpaper, language, keyboard layout, ease of access, and more. These settings are stored in the registry and are associated with the primary account used to sign in to Windows.

Enterprise State Roaming syncs Windows settings across devices that use the same primary account. The primary account can be a Microsoft Entra account, an on-premises Active Directory account, or a local account. However, only devices that use a Microsoft Entra account or a hybrid of Microsoft Entra account and on-premises Active Directory account can use Enterprise State Roaming.

App data

App data is the information that apps store on the device, such as user preferences, game progress, documents, etc. App data can be stored in different locations, such as the registry, local app data folder, roaming app data folder, or OneDrive folder.

Enterprise State Roaming syncs app data across devices that use the same primary account and have acquired the app using the same account. The app acquisition account is determined when an app is installed through the Windows Store or mobile device management (MDM). If an app owner cannot be identified, it will roam with the primary account.

Enterprise State Roaming syncs app data for both modern Universal Windows Platform (UWP) apps and legacy Win32 apps. However, not all app data can be synced. Some app data may be too large or too sensitive to sync across devices. For example, it does not sync browser history or cookies.

How to enable Enterprise State Roaming?

To enable Enterprise State Roaming for your organization, you need to follow these steps:

  • Sign in to the Microsoft Entra admin center as a Global Administrator.
  • Browse to Identity > Devices > Overview > Enterprise State Roaming.
  • Select Users may sync settings and app data across devices.

For a Windows 10 or newer device to use Enterprise State Roaming, the device must authenticate using a Microsoft Entra identity. For devices that are joined to Microsoft Entra ID, the user’s primary sign-in identity is their Microsoft Entra identity, so no other configuration is required. For devices that use on-premises Active Directory, the IT admin must configure Microsoft Entra hybrid joined devices.
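
To check the device-side requirement described above, the following added example (not from the original article or from Microsoft) parses the output of the built-in dsregcmd /status command and reports whether a device is Microsoft Entra joined, hybrid joined, or on-premises only. The function name, the output property names and the sample text are constructed for illustration; treating AzureAdPrt : YES as the sign that the user signed in with a Microsoft Entra identity is an assumption of this example.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
function Get-EsrJoinReadiness {
    param(
        # Raw status lines; by default, run dsregcmd on the local device.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )
    $state = @{}
    foreach ($line in $StatusText) {
        # Field lines look like "   AzureAdJoined : YES"; banner lines are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $entra  = $state['AzureAdJoined'] -eq 'YES'
    $domain = $state['DomainJoined'] -eq 'YES'
    $prt    = $state['AzureAdPrt'] -eq 'YES'   # assumption: PRT present = Entra sign-in

    if ($entra -and $domain) {
        $join = 'Microsoft Entra hybrid joined'; $next = 'None'
    } elseif ($entra) {
        $join = 'Microsoft Entra joined'; $next = 'None'
    } elseif ($domain) {
        $join = 'On-premises AD only'; $next = 'Configure Microsoft Entra hybrid join'
    } else {
        $join = 'Not joined'; $next = 'Join the device to Microsoft Entra ID'
    }
    if ($entra -and -not $prt) { $next = 'No Entra token for this user: check the sign-in account' }

    [pscustomobject]@{
        JoinType               = $join
        EntraJoined            = $entra
        UserHasPrt             = $prt
        MeetsDeviceRequirement = ($entra -and $prt)
        NextStep               = $next
    }
}

# Constructed sample (not captured from a real device): domain joined, not yet hybrid.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
                AzureAdPrt : NO
'@ -split "`r?`n"

Get-EsrJoinReadiness -StatusText $sample
```

A device that passes this check still syncs only if the tenant-level setting from the steps above is enabled.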

Conclusion

Enterprise State Roaming is a feature that enhances the user experience and productivity across Windows devices, while ensuring security and compliance for the organization. It allows users to sync their Windows settings and app data to the cloud, using Azure storage and encryption. It also provides administrators with visibility and control over the sync data and devices. It is available to any organization with a Microsoft Entra ID P1 or P2 or EMS license.
