Windows 10 Gets Azure Active Directory Enterprise State Roaming Service
Microsoft's Azure Active Directory Enterprise State Roaming service for Windows 10 went live this week.
A public preview of the Azure AD Enterprise State Roaming service was released back in February, but it has now reached "general availability" status, Microsoft announced. That milestone signifies that the company deems the service ready for use in production environments.
This service can be used to ensure that settings for so-called "modern applications" stay consistent across devices running Windows 10. IT pros can choose which settings will roam, such as settings for browsers (Internet Explorer and Microsoft Edge), passwords, desktop themes and language preferences, among others. Microsoft's "Settings and data roaming FAQ" document lists the options.
The new roaming service supports bring-your-own-device scenarios. For dual-purpose devices used for both work and play, the Enterprise State Roaming service is designed to separate consumer application settings data from the data used for business applications. Microsoft's datacenters store the settings data, but encryption is enforced both in transit and at rest for security purposes, Microsoft claims. The encryption happens via the Azure Rights Management Service.
The Fine Print
IT pros should check the fine print on Enterprise State Roaming, which can be found, in part, in the "Settings and data roaming FAQ" document. For instance, Microsoft explains that "roaming only works for Universal Windows apps." If an organization wants to roam the settings of classic Win32 apps, then Microsoft suggests using its User Experience Virtualization (UE-V) solution. UE-V is part of the Microsoft Desktop Optimization Pack suite of tools, an added-cost option for organizations opting for Software Assurance coverage. Alternatively, the code of Win32 desktop apps can be converted and made more Universal Windows Platform friendly using Microsoft's "Desktop Bridge" converter.
For organizations wanting to store their sync settings data on premises, and not in Microsoft's datacenters, Microsoft recommends using its UE-V solution. However, it's possible to mix UE-V use with Enterprise State Roaming for Windows 10.
Microsoft's FAQ explained that Enterprise State Roaming for Windows 10 differs from the settings synchronization scheme that is used with Windows 8 and Windows 8.1 clients, which relies on Microsoft accounts. Enterprise State Roaming for Windows 10 instead uses a primary (Azure AD) and secondary (Microsoft account or social media account) approach to segregate business and consumer settings storage. However, the Windows 10 sync process is only associated with the primary account.
"In Windows 10, only the primary account for the device can be used for settings sync (see How do I upgrade from Microsoft account settings sync in Windows 8 to Azure AD settings sync in Windows 10?)," the FAQ explained.
An application gets tagged for the primary account or secondary account. This tagging happens during the app "sideloading" process. Sideloading is a way of getting applications into either the Windows Store or a portal page for mobile device access.
The FAQ document listed a few "known issues" with Enterprise State Roaming for Windows 10. For instance, older Internet Explorer browsers may not sync their browser "favorites" lists. The May Windows 10 Cumulative Update can address this issue. Multifactor authentication could cause synchronization to fail. Logins using smart cards will cause synchronization to fail.
Enterprise State Roaming for Windows 10 is not exactly available worldwide right now. At press time, just some Azure datacenters in the United States, Europe and Southeast Asia were shown as having the service. Availability is shown on Microsoft's Azure regions list. Microsoft sells the Enterprise State Roaming service as part of an Azure Active Directory Premium subscription.
In other Azure AD news, Microsoft announced this week that analyst and consulting firm Gartner Inc. has bestowed its Magic Quadrant "leader" designation on Microsoft's cloud-based identity and access management solutions.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.