From the course: Windows 10: Troubleshooting Cloud Integration
Azure AD Enterprise State Roaming
From the course: Windows 10: Troubleshooting Cloud Integration
Azure AD Enterprise State Roaming
- [Instructor] In an on-premises environment, you may have used roaming profiles for your users. Since Azure Active Directory is cloud-based, it provides you with the ability to log in from anywhere. However, it does not sync user profiles to the cloud by default. Organizations can allow roaming profiles, even within a cloud environment by using an Azure Active Directory premium feature called Enterprise State Roaming. Let's take a look. Enterprise State Roaming was introduced with Windows 10, and allows user and application settings to be synced to the cloud-based Active Directory. Any user with an Azure AD managed account can have their profile settings delivered from the cloud to all their devices that they log onto. This is great for the user, since it provides them with a personalized and familiar desktop experience each time they log on. Enterprise State Roaming can sync many settings. These include theme settings, such as desktop background and taskbar position, Internet Explorer and Microsoft Edge settings, such as browsing history and favorites, passwords, including internet passwords, Wi-Fi profiles, and others, language preferences, including dictionary settings, ease of access settings, for example, the on-screen keyboard and the magnifier, and other Windows 10 settings, such as your mouse settings. And the best part about Enterprise State Roaming is that it's really easy to configure using the Azure Active Directory admin center. As you can see from the screenshot, you simply need to select the scope of the feature. You either choose to allow all users, selected users, or no users, with the none setting, to sync their settings and app data. If you use the selected setting, then only users that you've selected will be able to sync their profile information. Let's take a look at some of the issues that you may need to troubleshoot for Enterprise State Roaming. The first thing you need to do when troubleshooting Enterprise State Roaming is check your configuration. This includes ensuring that Windows 10 has the latest updates installed, check that the device which is having issues is Azure AD joined, and as we've just seen, you'll need to ensure that you've enabled Enterprise State Roaming in the Azure AD admin center. You must also ensure that the user has been assigned an Azure Active Directory premium license, or an Enterprise Mobility and Security, or EMS license. On the user's device, you can check the settings to ensure that they allow syncing for Enterprise State Roaming. When a user's logged on to their device, they can use the settings app to ensure that the sync settings are configured, and you should check that the same user account is being used for the logon account and also the synced user account. If an end user sees a message within the settings app similar to, "Some Windows features are only available "if you are using a Microsoft account or work account," then there are two potential causes. Either Enterprise State Roaming has not been enabled, or the device has been registered and not joined to Azure AD. If you investigate and find that Enterprise State Roaming has been enabled, then you'll need to disconnect the registered device from Azure AD, reboot the device, and then join the device to Azure AD instead. If a device is not syncing, and you've checked the settings, then the issue might be due to when Enterprise State Roaming was enabled. If a user has logged into a device and been authenticated by Azure AD before Enterprise State Roaming was enabled, then the settings will not be synced. You can check if this is the case by using the dsregcmd.exe tool. We saw it in an earlier video. And check if the field for SettingsUrl is empty. To solve this issue, ask the user to restart the device and then log back in, and the settings should now sync. Multi-factor authentication can also cause problems with Enterprise State Roaming. This issue relates to signing in to a device specifically using a password when multi-factor authentication is also used. There are a couple of workarounds to this issue, including, you can complete the multi-factor process by signing in to other cloud services, such as Office 365, or sign into the device by using Microsoft Hello or a PIN. Finally, there are several other less common known issues with Enterprise State Roaming, which you can review using the website onscreen.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
(Locked)
Cloud troubleshooting38s
-
(Locked)
User account issues4m 7s
-
(Locked)
Azure AD register versus join6m 13s
-
(Locked)
Azure AD join set-up issues8m 15s
-
Enrolling a new device into modern management4m 41s
-
(Locked)
Remote desktop connections to Azure AD connected devices5m 9s
-
Azure AD Enterprise State Roaming5m 7s
-
(Locked)
Troubleshooting groups4m 15s
-
(Locked)
Troubleshooting MFA3m 13s
-
(Locked)
User login issues6m
-
(Locked)
Self-service password reset issues4m 10s
-
(Locked)
The automated troubleshooter1m 38s
-
(Locked)
-
-
-
-
-
-
-
-