Understanding User Settings and Data Synchronization in Chromium-Based Microsoft Edge
In January, Microsoft’s new Edge browser hit general availability. Microsoft is rolling it out slowly to Windows 10 users via Windows Update. And enterprises can download an offline deployment package for use with Microsoft Endpoint Manager and Intune. The browser is also available for Windows 7, Windows 8, and macOS. You can download the new Edge from Microsoft’s website here.
Based on Chromium, the new browser meets the performance and compatibility expectations of users while also providing enterprise features, like IE mode and compatibility with Windows Defender Application Guard. Because most websites are tested against Google Chrome, which is also based on Chromium, the new version of Edge guarantees a much higher level of compatibility than previous Microsoft browsers.
And like Google Chrome, the new Edge supports setting up more than one profile. Profiles can be for different users or for different kinds of user account. For instance, you might set up one profile for personal use with a Microsoft Account (MSA) and a second ‘work profile’ that uses an Office 365 or Microsoft 365 account. When configuring a profile, you don’t have to sign in with an account. But if you don’t sign in, you lose the ability to synchronize user data. Edge currently supports syncing the following profile data:
- Addresses and more (form-fill)
Microsoft Edge sync with MSAs
Consumers are most likely to synchronize Microsoft Edge settings using an MSA. MSAs are used to sign in to many Microsoft services, like Outlook.com. Not all user settings and data can be synchronized at the time of writing this article. Sync support for history, open tabs, and extensions still needs to be added to Edge. But Microsoft plans to enable better synchronization support in upcoming releases and enable it automatically for users.
To manage profiles and profile settings, paste edge://settings/profiles into the browser address bar and press ENTER. From here, you can create and configure new or existing profiles, including determining whether your data is synchronized to the cloud. It is also possible to configure profile synchronization granularly.
Microsoft Edge sync with work or school accounts
Microsoft defines a work or school account as an account that is part of Office 365 or Microsoft 365. And this is where Microsoft Edge sync gets a little tricky. While you are free to set up a profile using a work or school account, sync is only supported if your Office 365 or Microsoft 365 tenant has either Azure Information Protection (AIP) or Enterprise State Roaming (ESR) enabled.
Enterprise State Roaming
Enterprise State Roaming gives organizations the control they need to keep data safe and separate it from consumer account data. ESR settings and app data are stored in an Azure region that’s selected based on the country associated with the Azure Active Directory (AAD) tenant, and ESR provides control and visibility over who is syncing what.
ESR uses Azure Rights Management (Azure RMS) to ensure that data is encrypted before it leaves Windows 10, and that it remains encrypted when at rest in the cloud. A separate subscription for Azure RMS isn’t required to use Enterprise State Roaming.
For more information on ESR, see What is Azure Active Directory Enterprise State Roaming? on Petri.
But wait! While an ESR-enabled tenant will allow work or school accounts to synchronize settings and data to the cloud in the new Edge, the technology used to do it is no longer connected to ESR. Confusing, right?
ESR provides AAD users in Windows 10 the ability to securely synchronize user and app settings to the cloud. But because Chromium-based Edge is being developed independently of Windows 10, and is available for other platforms, ESR is not used to synchronize work or school account settings and data.
Despite the change in the new Edge, Microsoft is promising to honor most of ESR’s capabilities, including separation of consumer and corporate data, monitoring, management, and the ability to use your own encryption key. For more details, see Microsoft’s website here.
Azure Information Protection
Azure Information Protection is a cloud-based technology for classifying data and optionally protecting documents and emails by applying labels. AIP uses Azure Rights Management (Azure RMS), which is also integrated with Office 365 and Azure Active Directory. Azure RMS provides the encryption, identity, and authorization policies required for AIP to work.
For more information on AIP, see What Is Azure Information Protection? on Petri.
Subscriptions and capabilities
In short, to enable sync support in the new Edge browser when using a work or school account, you will need to be using one of the following subscriptions:
- AAD Premium (P1 and P2)
- Office 365 E3 and above
- Azure Information Protection (P1 & P2)
- All EDU subscriptions (O365 A1 or above, M365 A1 or above, or AIP P1 or P2 for Students or Faculty)
Microsoft doesn’t currently support enabling sync with Windows Server Active Directory accounts, but it is planning to add this capability in a future release. Additionally, Microsoft will add sync support for non-premium AAD accounts.
Enterprise-grade sync comes at a price
It doesn’t come as a surprise that if you want to synchronize work or school account settings and data in the new Edge browser, your organization is going to have to pay for it. But for businesses that already have an investment in Microsoft’s cloud technologies, it’s likely that the licensing already in place will be enough to light up synchronization in Edge.