This is a high-level summary of the specific needs, business impact and listing of current profile management options for your physical and virtual Windows 10 and 11 devices. The focus is how to get back to a state which can make you productive as soon as possible after a device reinstall or reset. This scenario of course also covers when you get a new device that replaces an older one.
Most organizations have a policy that “we will troubleshoot a problem on a Windows device for X number of minutes, if we can’t solve it, let’s do a reinstall or reset”.
This might seem like a great policy that saves time for the service desk. But the numbers the management do not see is how much time have service desk have to spend on helping the user get back on track after the reinstall or reset? The same goes when user needs help transferring from one device to another as part of regular renewal of device. The potential time-saver here is enormous. If the user can get to a state that has everything the user needs available instantly, the user can become productive much quicker.
A consequence of having everything brought back quickly is that not only can the user be productive quicker, but the user will much more likely agree to a reinstall or reset when knowing the user can start working without hazzle again. It might also mean that you can reduce troubleshooting time from say 60 minutes down to 15 before you do a reinstall or reset. Overall a real time-saver and money-saver!
Needs and goals
Getting back to a state where a user can start working as soon as possible after re-install or reset of the device, or even when switching device as part of hardware renewal.
“Everything back as it was” (more details on this below). I.e., the time the user needs to spend on getting back to a state that just works as before needs to be minimized.
Expanded description of goals:
All files and documents back as they were and accessible by user.
All required applications back as they were. (This is out of scope for this blog post as most organizations use ConfigMgr, Intune or a third-party software to deploy applications).
All relevant settings back:
Specific settings for line of business applications.
Outlook signatures and calendar settings etc.
Printers and printer settings.
Browser related settings, favorites, and history, including saved passwords.
Mapped SharePoint sites (Teams files) in File Explorer.
Settings for apps.
Let’s have a look at what Microsoft technologies are available to solve the needs.
Personal files and documents
OneDrive for Business with Known Folder Move. If you have the possibility to use OneDrive for Business this is the best solution out there. Make sure to set the GPO or MDM setting to silently configure OneDrive to automatically have your OneDrive folder available after re-install or reset. Also set the policy setting “Enable Known Folder Move” to make sure that Desktop, Documents and Pictures folders are redirected to your OneDrive Folder. Reality check, do you know anyone who do NOT save stuff they need on the desktop? :)
Work Folders (which I typically call the internal OneDrive). Setting up Work Folders is easy, the role has existed in Windows Server since 2012 R2, thus requires a Windows File Server to setup and enable. Once you’ve setup Work Folders, use good old redirection of Documents and Desktop folders (and maybe Pictures as well) pointing to the local Work Folders directory just like it is done with Known Folder Move for OneDrive for Business.
Folder Redirection + offline files. Only two words: Stay away! (And migrate as soon as possible to OneDrive for Business or Work Folders if you are already using it). For some organizations I have worked with I have made it opt-in to use offline files, clearly stating the potential risks when opting in. Offline files cause user problems and have very high risk of user data loss.
Common or shared files and documents
SharePoint Sites (Teams files directories). Many users prefer to work with SharePoint sites and Teams files by syncing them to work with the files in File Explorer. There is no official way of having these remapped automatically after a reinstall or reset of a Windows device.
User Experience Virtualization (UE-V). I have many times referred to UE-V as the best thing since sliced bread. It is a technology that was released for about 10 years ago, with the intent to provide roaming of settings for Windows and applications (both Microsoft and any third party), using on-premises file shares. It also roams printers if you are not deploying those through other means.
Since Windows 10 version 1607 UE-V is integrated in the operating system. I’ve used UE-V quite a lot and this is a really good technology to get many settings back after a reinstall. In one case I could do a F12 reinstall of a Windows 10 device before going to lunch and after lunch I logged in and started working instantly, with all settings back. Those were the days!
Over time as applications are moving to the app’s world, UE-V has basically become less effective in its job. Also, after adding UE-V to Windows version 1607, UE-V has not gotten much love from Microsoft and as no development has been made for almost six years this is still something that most will benefit from, but sad to see that Microsoft do not care for this.
Enterprise State Roaming. About the same time that UE-V was integrated into Windows 10 we also saw the introduction of Enterprise State Roaming. This is a technology that use the cloud (a private protected and untouchable area) in Azure to store profile settings that roams with the user. For instance, background image, Windows theme settings and some other stuff is being roamed when enabling this through Azure AD. Sad to say, this feature is facing the same destiny as UE-V, with no new features or changes for the last six years or so.
Actually with Windows 11 the number of settings that roam using Enterprise State Roaming have decreased, now only roaming passwords, some Windows settings, and language preferences.
FSLogix profiles. Microsoft bought FSLogix and with that obtained their profile technology. This is a container-based profile solution used primarily in remote Windows solutions, such as Azure Virtual Desktop. Although the technology should be possible to use on physical machines as well, I haven’t many details regarding this and haven’t tried it our myself. One reason for this is that FSLogix profiles requires an Active Directory and is not yet (per January 2022) supported for Azure Active Directory, although this is announced in the future.
Outlook settings roaming. Finally you can roam your email signature and a bunch of other settings to the cloud – without doing anything other than making sure this option is enabled. Take a look at Outlook roaming options to get more information about this one.
Note1: Roaming profiles take care of both files and settings but like with folder redirection and offline files: Stay away from roaming profiles to make your life happier.
Note 2: As apps in Windows always store their configuration and user specific data in a standardized location. That is C:\Users\%username%\AppData\Local\Packages\%AppName%\ which means Microsoft should be able to provide a supported way of roaming these settings.
What settings can you use?
Depending on how your Windows devices are managed you can use some or all these technologies. This is applicable for Windows 10, Windows 11, Windows 365 as well as Azure Virtual Desktop. Note: All technologies below are not necessarily supported for all physical and virtual use cases.
Active Directory Joined
Hybrid Azure AD Joined
Azure AD Joined
User Experience Virtualization (UE-V)
Yes, pointing to file share
Yes, pointing to file share
Yes, pointing to OneDrive for Business local folder*
Enterprise State Roaming
No (not supported yet)
Edge profile sync
Outlook settings roaming
Summary of what profile technologies are available for various Windows device join types.
Summary of what profile technologies are supported officially by Microsoft.
* Technically it will work, but likely not supported by Microsoft for Windows 365 nor Azure Virtual Desktop. ** Supported only for personal pools – not multi-session Windows 10 or 11, nor Windows Server. *** For Azure Virtual Desktop, currently there is no support for Azure AD Joined devices.
With the existing Microsoft tools and technologies, you can reach a state where most of the stuff you want back actually is configured and brought back automatically. Getting the files and documents back is easy. Edge profile sync and Outlook settings roaming are a no-brainer and should be used by everyone.
UE-V and Enterprise State Roaming are not developed anymore but they still fill a purpose and can be very useful to save time, starting today, as they are very easy to get started with and has a very low implementation cost. FSLogix profiles are primarily intended for datacenter hosted solutions.
With those facts, there is a strong need for Microsoft to strengthen profile management to make it the true time-saver it can be. IT management would very much appreciate it I can assure. But the ones that would appreciate this the most are the end users!
This is one of the most mysterious problems I’ve encountered! Anyone who can provide input is more than welcome to ping me on Twitter or Teams, or help by entering some basic information in this form.
UPDATE September 6, 2022: Update the problem description as the Web sign-in setting is also causing problems using Cloud PC (Windows 365): “Another user is signed in. If you continue, they’ll be disconnected. Do you want to sign in anyway?”. See more below under “Problem #2”.
UPDATE July 6, 2022: A response from Microsoft leads to the root cause being Web sign-in being enabled, which is in preview (and has been for quite a few years) and is also unsupported. Still does not explain the extreme intermittent occurrence of the problem but at least a great indicator and something to validate.
UPDATE July 5, 2022: Added this form to gather and hopefully be able to get to the root cause. Also, I’ve gotten indications on a potential causes leading to the New user state, more below.
You restart your Windows 10 or Windows 11 device (Azure AD Joined + MEM/Intune enrolled) and after the restart, instead of displaying the last logged on user, the only account on the sign-in screen is an account named “New User”.
This happens extremely rarely, but I’ve seen it a few times. The “New User” comes from nowhere and if you click Switch user it just returns to the same view as below.
I have seen the problem a few times for multiple Windows 10 versions back to at least Windows 10 v1909, and on multiple devices from multiple vendors. Unfortunately I’ve seen it once on a Windows 11 device as well. The other day this problem hit a colleague of mine as well so it’s not just me :) .
Cloud PCs established as part of Windows 365, in Azure AD Joined mode, experience the sign-in message that Other user is already logged in, every time when logging in (and even after restart):
Another user is signed in. If you continue, they’ll be disconnected. Do you want to sign in anyway?
I’ve gotten reports (thanks to the community) with a response from Microsoft leads to the root cause being Web sign-in being enabled, which is in preview (and has been for quite a few years) and is also unsupported.
This is also true for the environments where I have seen this problem occur so this is the most likely cause of the “New user” phenomena causing Problem #1!
For Problem #2 this setting is confirmed to be the problem – as that problem was very easy to reproduce!