Introduction
Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security (EMS) license.
It enables users to sync user- and application settings across devices. It is an upgraded version of what you probably know as Roaming profile, but with no on-premise server involved.
What if we could have an environment where device replacement would have much less impact on users?
Read along!
Prerequisites
- Azure Active Directory Premium subscription.
- Windows Creators Update (Build 15063) or above
- Win 10 computers should be Azure AD, or Hybrid Azure AD joined.
How to enable ESR in your Azure tenant
How to enable ESR on the clients
Easy, it will apply automatically to the user when the setting in Azure has been set
If you are in a hybrid environment, my colleague Lars Lohmann have created a thorough guide how to:
http://blog.mindcore.dk/2019/01/enterprise-state-roaming.html
How to disable ESR on specific clients using Intune
Sometimes we have different needs and as ESR enables on the user, it will be enabled on every Azure AD enabled device. If you have some groups of devices where this setting should not apply, simply create a policy to disable it on device level.
https://endpoint.microsoft.com/
Devices -> Windows -> Configuration profiles -> Create Profile -> Windows 10 and later -> Custom
– ESR Sync Disable
– Enable Enterprise State Roaming
– ./VENDOR/MSFT/POLICY/CONFIG/EXPERIENCE/ALLOWSYNCMYSETTINGS
– Interger
– 0
Hit “add” and next
Assign it to a test group
Press Select -> Next –> Create
What is synced by Enterprise State Roaming?
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-faqs
How to make a nice device platform with UE-V
A lot of businesses are still running legacy applications, and the benefit for moving towards MSIX has not been huge enough to make it happen. Also, not all apps are able to be packaged as MSIX as it has limitations. If you like to have a nice desktop roaming solution for other items than covered in above matrix, you must deal with UE-V and add the setting you like to roam. Let us have a look how to do that.
Instead of doing a post how to do UE-V, Aaron parker (Follow this guy, he is brilliant) already did an extensive post on how to set it up and how to deal with no on-prem servers.
https://stealthpuppy.com/user-experience-virtualzation-intune/
UE-V Templates ready to download
Custom UE-V templates to fit your needs
https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications
Known Issues
There are always know errors and I am not going to rewrite what Microsoft already did well. There are known issues on different versions of windows and what settings are not working. I recommend you check it out before ripping of your hair in frustration if you see any troubles in your environment
Summary
To ensure data roaming across devices in a modern world where on-prem servers are not present, we can build a nice environment gathering 3 technologies together.
- Enterprise State Roaming
- User Experience Virtualization
- OneDrive
This will ensure that it is easier for the user obtaining a new device when the current is broken or just old and needs to be upgraded.
