Microsoft Azure AD Active Directory collage from official

Enterprise State Roaming uses a consumer OneDrive folder and a personal Microsoft account. Unlike the sync settings feature, it is intended specifically for corporate use. As stated by Gunjan Jain, a Project manager for Microsoft’s Windows Server and Services team,

“The big difference between Enterprise State Roaming and settings sync lies under the hood. As much as the settings sync feature is well loved by consumers, it does not meet many enterprise customers’ needs. IT admins want to retain control of corporate data, even when an employee leaves the company. Enterprises users also want to separate work and personal data on their devices.”

Benefits of Using Enterprise State Roaming

• Corporate data is stored separately from consumer data.

• It uses Azure Rights Management to automatically encrypt data before it leaves the user’s Windows 10 device. It also stays encrypted while it stays in the cloud. Only the namespaces, such as the Windows app names and the settings names, remain unencrypted. This feature can also be used even without a paid Azure RMS account, as Microsoft allows its free and limited use for Enterprise State Roaming.

• More visibility and control is provided on who shall be responsible for syncing settings in the organization and for the selected devices.

• Data is stored within the users’ geographic boundaries. In particular, an Azure region is used, based on the country that is associated with the Azure AD directory.

Since this is only a public preview version of the feature, it is initially available only in European and US regions. An international roll out in the future is being planned.

With the Enterprise State Roaming feature, the security of corporate data is better ensured. It can also lead to increased productivity among employees as they no longer have to spend time in constantly syncing their devices.