On-premises sync for Active Directory (AD) users
Microsoft Edge for Business is now available in Edge stable version 116! Learn more about the new, dedicated work experience with native enterprise grade security, productivity, manageability, and AI built in.
This article explains how Active Directory (AD) users can roam Microsoft Edge favorites and settings between computers without connecting to Microsoft cloud services.
This article applies to Microsoft Edge version 85 or later.
Syncing user data in Microsoft Edge normally requires either a Microsoft Account or a Microsoft Entra account, and a connection to Microsoft cloud services. With on-premises sync, Microsoft Edge saves an Active Directory user's favorites and settings to a file that can be moved between different computers. On-premises sync doesn't interfere with cloud syncing for those profiles that allow it.
How it works
Microsoft Edge allows profiles to be associated with Active Directory (AD) accounts, which can't be used with cloud sync. When on-premises sync is enabled, the data from the AD profile is saved to a file named profile.pb. By default, this file is stored in %APPDATA%/Microsoft/Edge. After this file is written, it can be moved between different computers, and user data will be read and written on each computer. Microsoft Edge only reads and writes from this file; it's the admin's responsibility to ensure that the file is moved as needed.
For on-premises sync, the only supported scenario is syncing using profile.pb. Roaming files and folders other than profile.pb is unsupported because they might result in unexpected behavior.
Use on-premises sync
To use on-premises sync, you have to enable it, associate a profile with an AD account, and optionally, change the location of the user data.
Enable on-premises sync
To enable on-premises sync in Microsoft Edge, configure the RoamingProfileSupportEnabled policy.
Ensure that a profile is associated with an Active Directory account
On-premises sync only works with the profile associated with an Active Directory (AD) account. If this profile doesn't exist, on-premises sync won't work. To ensure that users sign on with an AD account, configure the ConfigureOnPremisesAccountAutoSignIn policy. For on-premises sync, Microsoft Edge only relies on AD to establish an identity for the user data, and there's no direct relationship between how Microsoft Edge reads and writes on-premises data to how the admin has configured roaming for an AD user.
Change the location of the user data (optional)
By default, the user data is stored in a filed named profile.pb in %APPDATA%/Microsoft/Edge. To change the location of this file, configure the RoamingProfileLocation policy.
Changes in the user experience when on-premises sync is enabled
When on-premises sync is enabled, users won't be asked to enable sync. In addition, users can't turn off sync in Sync settings, and they can't turn on sync types that aren't supported by on-premises sync.
On-premises sync usage notes
Running cloud sync and on-premises sync on the same computer
On-premises sync doesn't interfere with cloud sync. If Microsoft Edge has multiple Microsoft Account or Microsoft Entra profiles that sync to the cloud, these profiles will continue to sync while on-premises sync is enabled.
Running Microsoft Edge on more than one computer at a time isn't recommended
Because on-premises sync works by moving a user data file between computers, on-premises sync doesn't sync changes between simultaneous sessions. For this reason, on-premises sync works best when used on one computer at a time. If there are simultaneous on-premises sessions running, data on any of the computers may be unexpectedly overwritten by data from another computer the next time you start a browser session.
Microsoft Edge locks the profile.pb file when on-premises sync is enabled. If folder redirection is used to share a single profile.pb file between different computers, then only one instance of Microsoft Edge that uses the shared file can be started.