Microsoft Previews New Windows 10 Roaming Feature

Microsoft this week took the wraps off a new service that gives organizations more control over roaming Windows 10 settings.

The service, called "Enterprise State Roaming," hit the preview stage on Thursday. The preview is available only in "supported U.S. and Europe regions" right now, Microsoft explained in its announcement, with a global rollout planned for the future.

The Enterprise State Roaming service requires having an Azure AD Premium subscription. In addition, Windows 10 version 1511 ("build 10586 or greater") is required.

To use Enterprise State Roaming, the Windows 10 devices must be joined to Azure AD. Alternatively, they can be joined to a local AD instance that has "automatic registration to Azure AD," Microsoft explained in its announcement.

This sort of setup makes it possible to address some of the security, compliance and management needs that organizations may have when controlling Windows 10 devices. For instance, the service comes with a subset of the Azure Rights Management Service (RMS) that's been "restricted for Enterprise State Roaming use," Microsoft's announcement explained. Azure RMS is Microsoft's information protection service that works across various mobile devices. Typically, Azure RMS is used to do things like restrict access to documents in e-mails. In the case of the Enterprise State Roaming service, Azure RMS is used to automatically encrypt data "before leaving the user's Windows 10 device."

The Enterprise State Roaming service will store settings data in Microsoft's datacenters. The data are "encrypted at rest." There's also some assurance for organizations needing to meet data sovereignty compliance requirements. For instance, the data will get "stored in an Azure region based on the country associated with the Azure AD directory," Microsoft explained. That's an attempt to address European Union criteria for data storage.

IT pros can set up the Enterprise State Roaming service for Windows 10 clients using the Azure Admin Portal. After that's done, "Azure AD will automatically start syncing settings through the Azure cloud using enterprise accounts," Microsoft explained. IT pros can choose which settings to roam.

Microsoft already has a consumer "settings sync" capability for Windows 8/8.1 clients, which is dependent on the use of its consumer OneDrive storage service and the use of a Microsoft account for sign-in. However, this consumer sync approach doesn't have the same protections as the Enterprise State Roaming service.

The same Windows 10 device can be used for both personal and business use when using the Enterprise State Roaming service. For instance, it's possible to add a Microsoft account to an Azure AD-joined Windows 10 client as a secondary account. However, in such cases, "the OS settings always roam with the primary account." Application data will get stored based on how the app was acquired -- that is, as a consumer app (in OneDrive) or as a business app (in Microsoft's datacenters).

It's not clear yet when the new Enterprise State Roaming service will reach general availability.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

