Dubbed "Enterprise State Roaming," the capability is tied to Azure Active Directory (Azure AD) Premium, the commercial cloud-based directory and identity management service. Azure AD is, at the most basic, an in-the-cloud replacement for on-premises Windows Server-based Active Directory.
Enterprise State Roaming (ESR) was first mentioned by Microsoft in May 2015 when it trumpeted several Windows 10-specific functions powered by Azure AD, including self-provisioning, single sign-on and a corporate-oriented Windows app marketplace.
ESR was to be the enterprise-grade cousin to the personalization sync available in Windows 10, and before that, in Windows 8 and Windows 8.1 -- a souped-up, more granular version of the consumer-level skill set, essentially.
Rather than having to take or leave synchronization of everything -- what Directions on Microsoft analyst Wes Miller called a "blob" -- as was the case with the consumer functionality, ESR lets administrators pick and choose exactly what is synced, for whom and to what devices.
"This [Enterprise State Roaming] is very different from the roaming technology native in Windows 10," said Miller. "[IT administrators] were saying, 'I need to take this apart if I'm to use it.'"
Apps licensed by the company, for instance, roam -- in other words, synchronize so that they're available on multiple machines -- only on workplace-owned devices; ditto for office Wi-Fi passwords, and desktop and Internet Explorer settings mandated by corporate.
The ESR preview requires Windows 10 -- the November upgrade, to be specific, that's labeled 1511 -- and a subscription to Azure AD Premium. The Windows 10 system must be Azure AD joined, or joined to an on-premises Active Directory that is set to automatically register with Azure AD.
Azure AD Premium is a paid service, available separately for $6 per user per month; most commonly, it's obtained through a license to Enterprise Mobility Suite (EMS), which includes Azure AD Premium as part of the package.
Microsoft is pushing enterprises to adopt Azure AD as part of their move to Windows 10, said Miller. But the process won't be quick, as the cloud-based directory and identity service doesn't blend well with legacy and near-legacy editions of Windows, like Windows 7, and the user profiles that power settings-and-more synchronization there.
Traditionally, mixing and matching profiles generated by different editions of Windows has produced problems for enterprises -- one reason companies try to standardize on a single platform, such as Windows 7, and before that, Windows XP -- because of very specific requirements for hosting Active Directory. User profiles in Windows 7, for instance, require that Active Directory run on Windows Server 2008 R2.
"We'll see hybrid [environments] there for a good, long time," said Miller, referring to a blend of cloud-based and on-premises Active Directory. But as the older OSes age out and Windows 10 becomes dominant, Miller expects Azure AD -- and its feature set -- to become more attractive to enterprises.
"Azure AD is definitely something organizations should be looking into," said Miller. "People are doing profile roaming today anyway, so [enterprises] should keep a watch on Azure AD regardless of whether they're now using on-premises."