Microsoft introduces Enterprise State Roaming - the new roaming profile
Microsoft have announced the public preview of something called Enterprise State Roaming. Is this (finally) the solution for your roaming profile woes? Let's take a look.
These roaming controls for Windows 10 devices is just available in "supported U.S. and Europe regions" right now. A future global rollout of the service is planned. Perhaps the most important caveat is that you will need Azure AD to be able to use it (Microsoft REALLY wants Azure to be Skynet).
Enterprise State Roaming enables a number of benefits for enterprise customers. Among them are:
- Separation of corporate and consumer data – No mixing of enterprise data in a consumer cloud account or consumer data in an enterprise cloud account.
-
Enhanced security – All the data is automatically encrypted before leaving the user’s Windows 10 device by using Azure Rights Management (Azure RMS), and data stays encrypted at rest in the cloud. All content stays encrypted at rest in the cloud, except for the namespaces, like settings names and Windows app names. By the way, you don’t need a separate paid Azure RMS subscription to use this service. Microsoft provides free limited use Azure RMS service restricted for Enterprise State Roaming use.
- Better management – More control and visibility over who syncs settings in your organization and on what devices.
- Geographic location of data in the cloud – Data will be stored in an Azure region based on the country associated with the Azure AD directory. We understand it is important to some of our enterprise customers to ensure data stays within their geographic boundaries due to the compliance reasons.
What do I need to deploy Enterprise State Roaming?
All you need to deploy Enterprise State Roaming in your organization is the following:
-
An Azure Active Directory Premium subscription. Enterprise State Roaming requires an Azure Active Directory Premium subscription. At the time of GA, users will require to have premium licenses assigned to use this service.
-
Windows 10 (Version 1511, Build 10586 or greater). Devices must either be
-
AD Domain Joined with automatic registration to Azure AD
To me it is not clear if AppData for normal, 'legacy' Windows apps is also roamed. That would be kind of important in the real world. I would also be very worried about the speed of uploading something like that to a Microsoft Data Center, even if it is the closest one. And then multiply it by the number of users you have. And then also use that same WAN link for remote users. Nah ....