- Mattias Melkersen Kalvåg
- August 21, 2020
Modern Roaming Profile – Enterprise State Roaming (ESR) + UE-V
Introduction
Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security (EMS) license.
It enables users to sync user and application settings across devices. It is an upgraded version of what you probably know as roaming profiles, but with no on-premises server involved.
What if we could have an environment where device replacement would have much less impact on users?
Read along!
Prerequisites
- Azure Active Directory Premium subscription.
- Windows Creators Update (Build 15063) or above.
- Windows 10 computers should be Azure AD joined or Hybrid Azure AD joined.
How to enable ESR in your Azure tenant
How to enable ESR on the clients
Easy: it applies automatically to the user once the setting has been enabled in Azure.
If you are in a hybrid environment, my colleague Lars Lohmann has created a thorough guide on how to set it up:
http://blog.mindcore.dk/2019/01/enterprise-state-roaming.html
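A quick client-side check, added here as an example (it is not from the original post): it tests the build and join prerequisites listed above and reads the AllowSyncMySettings device policy covered in the next section. The function name is hypothetical; the registry path is where Windows stores MDM-delivered Policy CSP values.

```powershell
# Added example: run on the Windows 10 client in a normal PowerShell session.
function Get-EsrClientState {
    # Prerequisite from this post: Creators Update (build 15063) or above.
    $build = [System.Environment]::OSVersion.Version.Build

    # dsregcmd /status prints lines such as "AzureAdJoined : YES".
    $dsreg        = (& dsregcmd.exe /status) -join "`n"
    $aadJoined    = $dsreg -match '(?m)^\s*AzureAdJoined\s*:\s*YES\s*$'
    $domainJoined = $dsreg -match '(?m)^\s*DomainJoined\s*:\s*YES\s*$'

    # Device-scope Policy CSP values land under PolicyManager\current\device\<Area>.
    $key    = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience'
    $policy = (Get-ItemProperty -Path $key -Name AllowSyncMySettings `
                 -ErrorAction SilentlyContinue).AllowSyncMySettings

    [pscustomobject]@{
        Build               = $build
        BuildOk             = $build -ge 15063
        AzureAdJoined       = $aadJoined
        HybridJoined        = $aadJoined -and $domainJoined
        # No value means the policy was never delivered; the default allows sync.
        AllowSyncMySettings = if ($null -eq $policy) { 'not set' } else { $policy }
        SyncBlockedByPolicy = $policy -eq 0
    }
}

Get-EsrClientState | Format-List
```

`SyncBlockedByPolicy` is only `True` once the device has received a policy with value 0; a device that is joined and on a supported build but shows `not set` will sync as soon as ESR is enabled for the user in the tenant.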
How to disable ESR on specific clients using Intune
Sometimes we have different needs. Because ESR is enabled per user, it becomes active on every Azure AD joined device that user signs in to. If you have groups of devices where settings should not sync, simply create a policy that disables it at the device level.
https://endpoint.microsoft.com/
Devices -> Windows -> Configuration profiles -> Create Profile -> Windows 10 and later -> Custom
Add an OMA-URI setting with the following values:
– Name: ESR Sync Disable
– Description: Enable Enterprise State Roaming
– OMA-URI: ./VENDOR/MSFT/POLICY/CONFIG/EXPERIENCE/ALLOWSYNCMYSETTINGS
– Data type: Integer
– Value: 0
Hit “Add” and then Next.
Assign it to a test group.
Press Select -> Next -> Create
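The same profile can be created and assigned through Microsoft Graph instead of the portal. This is an added example, not part of the original post; it assumes the Microsoft.Graph.Authentication PowerShell module and an account allowed to manage Intune configuration, and `$TestGroupId` is a placeholder for your own test group.

```powershell
# Added example: scripted equivalent of the portal steps above.
# Placeholder: replace with the object ID of your Azure AD test group.
$TestGroupId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations'

# Custom Windows 10 profile with a single integer OMA-URI row,
# using the same field values as entered in the portal.
$esrProfile = @{
    '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
    displayName   = 'ESR Sync Disable'
    omaSettings   = @(
        @{
            '@odata.type' = '#microsoft.graph.omaSettingInteger'
            displayName   = 'ESR Sync Disable'
            description   = 'Enable Enterprise State Roaming'
            omaUri        = './VENDOR/MSFT/POLICY/CONFIG/EXPERIENCE/ALLOWSYNCMYSETTINGS'
            value         = 0   # 0 = settings sync not allowed on the device
        }
    )
}
$created = Invoke-MgGraphRequest -Method POST -Uri $base `
    -Body ($esrProfile | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# Assign the profile to the test group only, as in the portal walkthrough.
$assignment = @{
    assignments = @(
        @{
            target = @{
                '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
                groupId       = $TestGroupId
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 5) -ContentType 'application/json'

# Read the profile back to confirm what was stored.
$stored = Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)"
$stored.omaSettings | ForEach-Object { '{0} = {1}' -f $_.omaUri, $_.value }
```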
What is synced by Enterprise State Roaming?
https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-faqs
How to make a nice device platform with UE-V
A lot of businesses are still running legacy applications, and the benefits of moving to MSIX have not been big enough to make it happen. Also, not every app can be packaged as MSIX, as the format has limitations. If you would like a nice desktop roaming solution for items other than those covered in the matrix above, you must use UE-V and add the settings you want to roam. Let us have a look at how to do that.
Instead of me writing a post on how to do UE-V, Aaron Parker (follow this guy, he is brilliant) has already written an extensive post on how to set it up and how to deal with having no on-prem servers.
https://stealthpuppy.com/user-experience-virtualzation-intune/
UE-V Templates ready to download
Custom UE-V templates to fit your needs
https://docs.microsoft.com/en-us/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications
Known Issues
There are always known errors, and I am not going to rewrite what Microsoft already did well. There are known issues on different versions of Windows, including settings that do not work. I recommend you check them out before ripping out your hair in frustration if you see any trouble in your environment.
Summary
To ensure data roaming across devices in a modern world where on-prem servers are not present, we can build a nice environment by combining three technologies:
- Enterprise State Roaming
- User Experience Virtualization
- OneDrive
This makes it easier for the user to move to a new device when the current one is broken or just old and needs to be replaced.
- Categories: Azure, Azure ad, Microsoft 365, Windows 10