← Back to blog
Microsoft 365

Windows Backup for Organizations replaces Enterprise State Roaming: the end-of-June 2026 deadline

By Zarioh Digital Solutions5 min read
Share
Windows Backup for Organizations replaces Enterprise State Roaming: the end-of-June 2026 deadline

At the end of June 2026, the management option for Enterprise State Roaming disappears from the Microsoft Entra portal. IT admins need to migrate to Windows Backup for Organizations via Intune before that date. What changes, what stays the same, and how do you carry out the migration?

In May 2026, Microsoft announced that Enterprise State Roaming is getting a new management plane: the configuration of Windows settings roaming is moving from the Microsoft Entra portal to Windows Backup for Organizations, managed through Microsoft Intune. The transition sounds technical, but the timeline is urgent. At the end of June 2026 — less than two weeks from now — the Enterprise State Roaming management page will disappear from the Entra portal. IT teams that have not yet taken action will lose control over which users sync settings and which do not.

This post explains what Enterprise State Roaming is, what Windows Backup for Organizations adds, what changes for users, and how to carry out the configuration step by step in Intune.

What is Enterprise State Roaming and what did it do?

Enterprise State Roaming (ESR) has existed since 2015 as part of Azure Active Directory, now Microsoft Entra ID. The feature ensures that certain user settings and data are synchronised via the cloud between devices belonging to the same employee. Think language preference, display settings, saved Wi-Fi networks, and browser settings. The principle is straightforward: an employee who switches laptops or logs back in after a reinstall finds their familiar environment without having to set everything up again.

Until now, ESR was enabled and managed via the Microsoft Entra portal, under Devices. Admins could activate it for all users or for specific groups. That management plane disappears at the end of June 2026. The underlying synchronisation itself does not stop immediately, but the ability to steer the policy from the Entra portal will be gone.

What does Windows Backup for Organizations add?

Windows Backup for Organizations is not simply a renamed ESR. It is an extension that integrates user settings synchronisation into the Intune ecosystem, allowing you to use the same policy mechanisms as for all other device and user configurations. The set of synchronised settings remains largely the same as with ESR, but the management plane becomes considerably richer.

A few concrete additions. During OOBE (Out-of-Box Experience) of a new device — such as during an Autopilot provisioning — the restore interface can now automatically restore user settings from the cloud. That significantly speeds up onboarding. In addition, Windows Backup for Organizations offers back-up of the user's Microsoft Store app list, scheduled backup behaviour, and granular control per category of settings: Windows settings, app data, credentials, and language preferences can each be toggled on or off independently.

What do users notice?

With a correctly executed transition, users notice nothing. Settings continue to roam between devices; the device behaves the same after a reinstall as before. What changes is entirely on the management side. That is precisely why the risk of doing nothing is not immediately visible: synchronisation keeps running for a while on the old configuration, but control over it silently disappears.

Organisations running shared devices — such as shared kiosk PCs or workstations used by multiple employees — typically want to disable settings roaming. With Intune you can explicitly exclude that group of devices or users from the backup policy. That was possible with ESR too, but less directly connectable to existing Intune groups.

How do you configure Windows Backup for Organizations in Intune?

The configuration runs through a new settings profile in the Microsoft Intune admin centre. Go to Devices, then Configuration profiles, and create a new profile for Windows 10 and later. Select Settings catalog as the profile type. Then add the setting via Administrative Templates, Windows Components, Sync your settings: enable the setting Enable Windows Backup.

Assign the profile to the user groups or device groups for which you want to enable settings roaming. You can use the same groups you have already defined for other Intune policies, which keeps management overhead low. Start with a pilot group and validate that synchronisation works on a test device by signing in with the same account on a second device and checking that settings carry over.

Want to exclude specific categories of settings? Do that by adding additional settings from the same section of the settings catalog. For example, you can disable credential synchronisation in environments with strict network segmentation, where it is undesirable for Wi-Fi passwords to roam to devices outside a specific location.

Five steps for the next two weeks

First step: check whether Enterprise State Roaming is currently active in your environment. Go to the Microsoft Entra portal, then Devices, and then Enterprise State Roaming. If it is enabled for all users or for a group, you need to act before the management page disappears at the end of June.

Second step: determine which user groups should receive settings roaming. Employees with multiple devices, remote workers, sales and management, and anyone who regularly switches laptops benefit the most. Shared device users are typically excluded.

Third step: create the Intune configuration profile as described above. Assign it to a pilot group and test the behaviour on a device belonging to a non-pilot user.

Fourth step: roll the policy out more broadly based on the pilot results. Validate that the setting categories you want to sync are correctly carried over, and that excluded groups receive no synchronisation.

Fifth step: after validation, deactivate the ESR setting in the Entra portal to avoid conflicts during the transition period. Microsoft allows both configurations to coexist temporarily, but a dual configuration increases the chance of unexpected behaviour.

Connection to compliance and reporting

An added benefit of moving to Intune is that the backup status of devices becomes directly visible in your existing Intune dashboards. You can run reports on which devices are successfully backing up and which are not, and link that to your broader compliance policies. For organisations working with ISO 27001, NIS2, or sector-specific audit requirements, this provides additional insight into the state of data protection at endpoint level.

Migrating from Enterprise State Roaming to Windows Backup for Organizations is not a major operation. For most Intune administrators it is a configuration profile that takes about half an hour. But the deadline is now, and doing nothing means silent loss of control. Does your IT team need support configuring Windows Backup for Organizations, a broader Intune audit, or streamlining your endpoint management? Contact Zarioh for a no-obligation conversation.

Z

Zarioh Digital Solutions

IT specialists from Utrecht, the Netherlands. We help businesses with Microsoft 365, AI agents, hosting and telephony — and share what we learn in practice. Follow us on LinkedIn

Related articles

← Back to all articles
Share