Can roaming profiles work in Entra ID via Intune?

  • Post
    Weekend Wiki
    General Administrator
    Yes, roaming profiles can work in an intra-domain (intra-ID) environment, and Microsoft Intune can help manage user profiles and data for devices within an Active Directory (AD) domain. However, there are some nuances to consider:

    Key Points about Roaming Profiles with Intune

    1. Traditional Roaming Profiles:
      • Roaming profiles rely on Active Directory (AD) and typically store user-specific settings and files on a shared network location.
      • When a user logs in to another domain-joined device, their profile is downloaded from this shared location.
      • Intune, being a cloud-based solution, does not directly support traditional roaming profiles as it manages settings via policies rather than shared network storage.
    2. Modern Workaround: User Profile Management in Intune:
      • Intune can manage user data and profile settings through Enterprise State Roaming (ESR) and OneDrive for Business.
      • Enterprise State Roaming (part of Azure AD) allows settings, app data, and preferences to sync across devices without relying on traditional roaming profiles.
      • Use OneDrive’s Known Folder Move (KFM) feature to redirect user folders (Documents, Desktop, Pictures) to the cloud, achieving a similar roaming experience for files.
    3. Hybrid AD + Intune:
      • If your organization uses a hybrid AD setup (on-premises AD synced with Azure AD), you can integrate Intune with Group Policy or use tools like FSLogix (from Microsoft) to provide a profile container solution for a roaming-like experience.
    4. Fully Intune/Cloud Approach:
      • In environments managed entirely via Intune and Azure AD, traditional roaming profiles are replaced by solutions such as Windows Autopilot, ESR, and OneDrive for Business.
      • This approach works well with Windows 10/11, especially in modern work scenarios where users work from multiple devices.

    Recommendations:

    • Hybrid AD Environment: Use hybrid identity management with Intune and implement a profile container solution like FSLogix for roaming profile support.
    • Cloud-Only Setup: Rely on Enterprise State Roaming and OneDrive to achieve a modern roaming profile equivalent.
    • Ensure devices are domain-joined or Azure AD-joined for proper syncing and policy enforcement via Intune.

    Would you like help setting up a specific solution or policy?

    To create a policy with 3 options for managing user profiles in an Intune-managed environment, you can choose from the following approaches, each with distinct options to address different organizational needs. Here’s how you could set up the policy for Enterprise State Roaming (ESR), OneDrive Known Folder Move (KFM), and FSLogix for profile containers in a hybrid environment.

    Policy 1: Enterprise State Roaming (ESR)

    Objective: Sync user settings and app data across devices within a cloud-first environment using Azure Active Directory (AAD).

    Steps to create:

    1. Go to Microsoft Intune Admin Console.
    2. Navigate to Devices → Configuration Profiles.
    3. Create a Profile with the following settings:
      • Profile type: Windows 10 and later → Settings Catalog.
      • Add Settings: Search for Enterprise State Roaming and configure it as enabled.
    4. Assign Profile to relevant users or groups.
    5. Monitoring: Use Monitor to track sync status and resolve errors.

    Options:

    • Enabled: Enable ESR to allow users’ settings to roam across devices.
    • Disabled: Disable ESR for users not requiring roaming settings.
    • Audit Mode: Monitor and collect data on ESR usage without enabling full functionality.

    Policy 2: OneDrive Known Folder Move (KFM)

    Objective: Redirect common user folders (Desktop, Documents, Pictures) to OneDrive, allowing files to roam and sync automatically across devices.

    Steps to create:

    1. Go to Microsoft Intune Admin Console.
    2. Navigate to Devices → Configuration Profiles.
    3. Create a Profile with the following settings:
      • Profile type: Windows 10 and later → Templates → Administrative Templates.
      • Add Settings: Search for OneDrive and configure Known Folder Move settings.
      • Set the “Move Windows known folders to OneDrive” to Enabled.
    4. Assign Profile to users/groups as needed.
    5. Monitoring: Monitor KFM status in OneDrive Admin Console to track success/failure.

    Options:

    • Enabled: Move known folders to OneDrive for seamless sync and backup.
    • Disabled: Keep folders local to the device.
    • Notify Users Only: Alert users about KFM but don’t move the folders until they accept.

    Policy 3: FSLogix Profile Containers (for Hybrid Environments)

    Objective: Use FSLogix Profile Containers for a roaming profile solution in a hybrid Active Directory (AD) and Intune-managed environment.

    Steps to create:

    1. Install FSLogix: Deploy FSLogix Profile Containers on your environment (either via Group Policy or Intune).
    2. Configure FSLogix:
      • Configure FSLogix to store user profiles on network shares or Azure File Storage.
      • Create a configuration file for FSLogix to link user profiles to containers.
    3. Create a Profile in Intune:
      • Go to Microsoft Intune Admin Console → Devices → Configuration Profiles.
      • Profile type: Windows 10 and later → Custom.
      • Deploy the FSLogix configuration script to manage how profiles are loaded.

    Options:

    • Enabled: Enable FSLogix Profile Containers for seamless user profile management across devices.
    • Disabled: Do not use FSLogix for user profiles.
    • Audit Mode: Deploy FSLogix but monitor its performance without full deployment.

    Summary of Policy Options:

    1. Enterprise State Roaming (ESR)
      • Sync user settings across devices using Azure AD.
        • Options: Enabled / Disabled / Audit Mode.
    2. OneDrive Known Folder Move (KFM)
      • Sync important user folders with OneDrive.
        • Options: Enabled / Disabled / Notify Only.
    3. FSLogix Profile Containers
      • Manage user profiles via containers (Hybrid AD/Intune).
        • Options: Enabled / Disabled / Audit Mode.

    Let me know if you’d like additional details or help implementing any of these policies.
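
The "FSLogix configuration script" from Policy 3 could look like the following. This is an added example, not part of the original post and not Microsoft's or FSLogix's own script. The share path is a placeholder and the `-ReportOnly` switch is a name introduced here; the registry value names are FSLogix Profile Container settings.

```powershell
# Added example: apply or audit FSLogix Profile Container settings on one device.
# Run elevated; an Intune platform script runs as SYSTEM by default.
# ASSUMPTION: \\fileserver.example.com\fslogix-profiles is a placeholder share.
param(
    [string[]]$VhdLocations = @('\\fileserver.example.com\fslogix-profiles'),
    [switch]$ReportOnly   # hypothetical switch: show current values, change nothing
)

$key = 'HKLM:\SOFTWARE\FSLogix\Profiles'

# The settings do nothing unless the FSLogix agent is installed.
if (-not (Get-Service -Name 'frxsvc' -ErrorAction SilentlyContinue)) {
    Write-Error 'FSLogix service (frxsvc) not found; install FSLogix first.'
    exit 1
}

# Accept only UNC paths so a typo cannot redirect containers to a local disk.
foreach ($path in $VhdLocations) {
    if ($path -notmatch '^\\\\[^\\]+\\[^\\]+') {
        Write-Error "VHDLocations entry is not a UNC path: $path"
        exit 1
    }
}

$settings = @(
    @{ Name = 'Enabled';                      Type = 'DWord';       Value = 1 },
    @{ Name = 'VHDLocations';                 Type = 'MultiString'; Value = $VhdLocations },
    @{ Name = 'VolumeType';                   Type = 'String';      Value = 'VHDX' },
    @{ Name = 'FlipFlopProfileDirectoryName'; Type = 'DWord';       Value = 1 }
)

if (-not $ReportOnly) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($s in $settings) {
        New-ItemProperty -Path $key -Name $s.Name -PropertyType $s.Type `
            -Value $s.Value -Force | Out-Null
    }
}

# Report what is actually on the device, whether or not it was just written.
if (Test-Path $key) {
    Get-ItemProperty -Path $key |
        Select-Object Enabled, VHDLocations, VolumeType, FlipFlopProfileDirectoryName
} else {
    Write-Output 'No FSLogix Profiles key present on this device.'
}
```

The script does not touch permissions on the share; those decide whether one user can open another user's profile container and have to be set on the file server itself.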
