Unable to get Edge Beta or Dev to actually honor RoamingProfileSupportEnabled setting

%3CLINGO-SUB%20id%3D%22lingo-sub-1587610%22%20slang%3D%22en-US%22%3EUnable%20to%20get%20Edge%20Beta%20or%20Dev%20to%20actually%20honor%20RoamingProfileSupportEnabled%20setting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1587610%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20was%20called%20out%20that%20in%20the%20latest%20beta%20version%20of%20Edge%20(85%2B)%20that%20on-premises%20cloudless%20sync%20should%20be%20working%20in%20the%20form%20of%20support%20for%20the%20RoamingProfileSupportEnabled%20GPO%2Fregistry%20setting.%26nbsp%3B%20I%20installed%20a%20copy%20of%20Edge%20beta%20and%20I%20enabled%20that%20setting%20via%20GPO%2C%20but%20Edge%20does%20not%20seem%20to%20honor%20it.%26nbsp%3B%20I%20see%20that%20it%20has%20created%20the%20registry%20item%20in%20HKLM%5CSoftware%5CPolicies%5CMicrosoft%5CEdge%2C%20but%20Edge%20does%20not%20create%20the%20folder%2Ffile%20in%20the%20AppData%5CRoaming%5CMicrosoft%20directory.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20exactly%20does%20one%20get%20this%20to%20work%3F%26nbsp%3B%20This%20is%20a%20blocking%20issue%20for%20deploying%20Edge%20in%20my%20organization%3B%20we%20use%20roaming%20profiles%20but%20we%20do%20not%20use%20cloud%20sync%20at%20all.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1599737%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20get%20Edge%20Beta%20or%20Dev%20to%20actually%20honor%20RoamingProfileSupportEnabled%20setting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1599737%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F397714%22%20target%3D%22_blank%22%3E%40billroland%3C%2FA%3E%26nbsp%3BThis%20setting%20works%20with%20on-premise%20Active%20Directory%20profiles%2C%20which%20you%20can%20enable%20with%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23configureonpremisesaccountautosignin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EConfigureOnPremisesAccountAutoSignIn%3C%2FA%3E%26nbsp%3Bpolicy.%20We%20will%20soon%20publish%20a%20dedicated%20documentation%20page%20for%20this%20feature%20which%20will%20include%20this%20plus%20a%20few%20other%20tips.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1599865%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20get%20Edge%20Beta%20or%20Dev%20to%20actually%20honor%20RoamingProfileSupportEnabled%20setting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1599865%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F565401%22%20target%3D%22_blank%22%3E%40scottbo_msft%3C%2FA%3E%26nbsp%3BThanks%2C%20but%20that%20doesn't%20actually%20seem%20to%20work%20either.%26nbsp%3B%20When%20I%20enable%20that%20setting%2C%20it%20picks%20up%20my%20Active%20Directory%20account%20without%20any%20problem%2C%20but%20then%20wants%20me%20to%20%22complete%20signing%20in%22%20which%20then%20drives%20me%20to%20try%20and%20log%20into%20Microsoft%20online%20services.%26nbsp%3B%20It%20doesn't%20find%20an%20account%20there%20because%20there%20isn't%20one.%26nbsp%3B%20Am%20I%20missing%20something%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1622998%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20get%20Edge%20Beta%20or%20Dev%20to%20actually%20honor%20RoamingProfileSupportEnabled%20setting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1622998%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F565401%22%20target%3D%22_blank%22%3E%40scottbo_msft%3C%2FA%3E%26nbsp%3BIs%20that%20documentation%20page%20available%20yet%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EI%20was%20able%20to%20get%20Edge%2085%20stable%20to%20create%20the%20Roaming%20profile%20.pb%20file%20using%26nbsp%3BConfigureOnPremisesAccountAutoSignIn%26nbsp%3B(this%20DEFINITELY%20needs%20to%20be%20mentioned%20as%20a%20requirement%20in%20the%20settings%20reference%20for%20RoamingProfileSupportEnabled)%20set%20to%201%2C%20BUT%20the%20first%20time%20I%20open%20Edge%20with%20that%20combination%20of%20options%20set%20on%20every%20machine%2C%20I%20get%20a%20pop-up%20(see%20attached)%20saying%20sync%20isn't%20available%20for%20this%20account%20(is%20this%20still%20referring%20to%20cloud%20sync%3F%3F).%20However%2C%20when%20I%20go%20into%20settings%2C%20it%20then%20says%20%22Sync%20is%20on%22%20with%20a%20green%20check%20mark%2C%20and%20the%20roaming%20profile.pb%20file%20is%20populating%20correctly.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EWhat%20is%20the%20purpose%20of%20that%20pop-up%3F%20Why%20is%20automatic%20on-prem%20domain%20sign-in%20a%20requirement%20for%20using%20the%20roaming%20profile%20creation%20mechanism%20(what%20is%20the%20benefit)%3F%20Am%20I%20missing%20it%2C%20or%20is%20there%20a%20policy%20combination%20to%20force%20on-prem%20domain%20sign-in%20but%20disallow%20creation%20of%20other%20%22local%22%20Edge%20profile%20and%20disallow%20signing%20into%20other%20Microsoft%20Online%20accounts%3F%20With%20Google%20Chrome%2C%20we%20can%20enable%20Roaming%20Profile%20Support%2C%20and%20the%20requirement%20is%20that%20SyncDisabled%20must%20not%20be%20in%20use%2C%20which%20means%20users%20can%20sign%20into%20Google%20accounts%20and%20sync%20appears%20to%20be%20on%20in%20the%20GUI%2C%20but%20it%20does%20not%20actually%20sync%20anything%20to%20the%20cloud%20since%20it%20is%20syncing%20locally%20to%20the%20profile.pb.%20With%20Edge's%20implementation%2C%20if%20we%20are%20using%20Roaming%20Profiles%20on-prem%2C%20and%20just%20want%20Edge%20to%20write%20to%20a%20profile.pb%20in%20%25APPDATA%25%2C%20is%20there%20a%20way%20to%20prevent%20users%20from%20signing%20in%20with%20a%20Microsoft%20cloud%20account%20and%20syncing%20to%20the%20cloud%3F%20(I%20know%20we%20can%20block%20consumer%20MSA%20login%20via%20group%20policy).%20Because%2C%20in%20testing%2C%20I%20noticed%20that%2C%20if%20one%20creates%20an%20additional%20profile%20in%20Edge%20and%20signs%20in%20with%20an%20unrelated%20Microsoft%20cloud%20account%2C%20the%20on-prem%20domain%20account%20profile%20in%20Edge%20will%20stop%20writing%20to%20the%20roaming%20.pb%20file%20(but%20will%20still%20say%20%22Sync%20is%20on%22).%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EAnd%20finally%2C%20does%20RoamingProfileSupport%20on%20only%20support%20a%20single%20profile%20in%20Edge%3F%20Edge%20by%20default%20stores%20the%20roaming%20info%20in%20%25APPDATA%25%5CMicrosoft%5CEdge%5CUser%20Data%5Cprofile.pb%20and%20seems%20to%20only%20do%20this%20for%20the%20SSO-enabled%20on-prem%20AD%20account%20profile%20in%20Edge.%20Google%20Chrome%2C%20on%20the%20other%20hand%2C%20when%20using%20RoamingProfileSupport%2C%20uses%20individual%20per-Chrome-profile%20subfolders%20(e.g.%26nbsp%3B%25APPDATA%25%5CGoogle%5CChrome%5CUser%20Data%5CDefault%5Cprofile.pb).%20So%20with%20Edge's%20implementation%2C%20locked%20to%20the%20on-prem%20AD%20account%20the%20user%20is%20signed%20in%20with%20as%20it%20seems%20to%20be%2C%20is%20there%20no%20way%20to%20capture%2Froam%20additional%20profiles%20created%20by%20the%20user%3F%20(some%20power%20users%20do%20this%20to%20maintain%20distinct%20browser%20environments)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1668342%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20get%20Edge%20Beta%20or%20Dev%20to%20actually%20honor%20RoamingProfileSupportEnabled%20setting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1668342%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F397714%22%20target%3D%22_blank%22%3E%40billroland%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F565401%22%20target%3D%22_blank%22%3E%40scottbo_msft%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20also%20get%20the%20same%20error%20configured%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fenterprise%2Funable-to-get-edge-beta-or-dev-to-actually-honor%2Fm-p%2F1599865%23M2291%22%20target%3D%22_blank%22%3ERoamingProfileSupportEnabled%3C%2FA%3E%26nbsp%3Band%20ConfigureOnPremisesAccountAutoSignIn%20using%20Stable%20v85%20and%20also%20get%20the%20%22Complete%20Sign-In%22%20prompt%20and%20no%20file%20saved%20in%20the%20roaming%20folder%3F%20We%20need%20to%20get%20this%20working%20as%20its%20stopping%20us%20deploy%20it%20for%20one%20of%20our%20large%20clients.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

It was called out that in the latest beta version of Edge (85+) that on-premises cloudless sync should be working in the form of support for the RoamingProfileSupportEnabled GPO/registry setting.  I installed a copy of Edge beta and I enabled that setting via GPO, but Edge does not seem to honor it.  I see that it has created the registry item in HKLM\Software\Policies\Microsoft\Edge, but Edge does not create the folder/file in the AppData\Roaming\Microsoft directory.  

 

How exactly does one get this to work?  This is a blocking issue for deploying Edge in my organization; we use roaming profiles but we do not use cloud sync at all.

7 Replies

@billroland This setting works with on-premise Active Directory profiles, which you can enable with the ConfigureOnPremisesAccountAutoSignIn policy. We will soon publish a dedicated documentation page for this feature which will include this plus a few other tips.

@scottbo_msft Thanks, but that doesn't actually seem to work either.  When I enable that setting, it picks up my Active Directory account without any problem, but then wants me to "complete signing in" which then drives me to try and log into Microsoft online services.  It doesn't find an account there because there isn't one.  Am I missing something?

@scottbo_msft Is that documentation page available yet? 

 

I was able to get Edge 85 stable to create the Roaming profile .pb file using ConfigureOnPremisesAccountAutoSignIn (this DEFINITELY needs to be mentioned as a requirement in the settings reference for RoamingProfileSupportEnabled) set to 1, BUT the first time I open Edge with that combination of options set on every machine, I get a pop-up (see attached) saying sync isn't available for this account (is this still referring to cloud sync??). However, when I go into settings, it then says "Sync is on" with a green check mark, and the roaming profile.pb file is populating correctly.

 

What is the purpose of that pop-up? Why is automatic on-prem domain sign-in a requirement for using the roaming profile creation mechanism (what is the benefit)? Am I missing it, or is there a policy combination to force on-prem domain sign-in but disallow creation of other "local" Edge profile and disallow signing into other Microsoft Online accounts? With Google Chrome, we can enable Roaming Profile Support, and the requirement is that SyncDisabled must not be in use, which means users can sign into Google accounts and sync appears to be on in the GUI, but it does not actually sync anything to the cloud since it is syncing locally to the profile.pb. With Edge's implementation, if we are using Roaming Profiles on-prem, and just want Edge to write to a profile.pb in %APPDATA%, is there a way to prevent users from signing in with a Microsoft cloud account and syncing to the cloud? (I know we can block consumer MSA login via group policy). Because, in testing, I noticed that, if one creates an additional profile in Edge and signs in with an unrelated Microsoft cloud account, the on-prem domain account profile in Edge will stop writing to the roaming .pb file (but will still say "Sync is on").

 

And finally, does RoamingProfileSupport on only support a single profile in Edge? Edge by default stores the roaming info in %APPDATA%\Microsoft\Edge\User Data\profile.pb and seems to only do this for the SSO-enabled on-prem AD account profile in Edge. Google Chrome, on the other hand, when using RoamingProfileSupport, uses individual per-Chrome-profile subfolders (e.g. %APPDATA%\Google\Chrome\User Data\Default\profile.pb). So with Edge's implementation, locked to the on-prem AD account the user is signed in with as it seems to be, is there no way to capture/roam additional profiles created by the user? (some power users do this to maintain distinct browser environments)

@billroland @scottbo_msft

 

We also get the same error configured RoamingProfileSupportEnabled and ConfigureOnPremisesAccountAutoSignIn using Stable v85 and also get the "Complete Sign-In" prompt and no file saved in the roaming folder? We need to get this working as its stopping us deploy it for one of our large clients.

 

 

@stempleton hello !
I'am in Edge V89.0.

I set 2 keys in registry for chrome :

RoamingProfileLocation - REG_SZ : "\\My_SHARE\${user_name}\AppData\Roaming\Google\Chrome"

RoamingProfileSupportEnabled - REG_DWORD - 1

 

This works wonderfull for Chrome.

I do the same for Edge, and folder for my test user, is still not created.

 

Have you found a solution ? 
What about ConfigureOnPremisesAccountAutoSignIn ? because this is not a required setting for chrome...

@Jbouille78 

 

Yes we did get it working but took a lot of trial and error and was a while ago now but looking through the GPO's we set 

Computer Configuration - Policies - Administrative Templates - Microsoft Edge - We also have the some user configuration too

stempleton_0-1629211018833.png

stempleton_1-1629210770437.png

 

 

User Configuration; 

stempleton_0-1629210712148.png

 

@stempleton 

thanks for your quick reply !

 

it seems in my case that adding your user configuration "configure automatic sing in ..." solve this.

 

thanks a lot !