System requirements and prerequisites
Backup requirements
Windows Backup for Organizations can create backups on devices meeting these technical specifications:
- Operating Systems: Windows 10 version 22H2 build 19045.6216 or later, Windows 11 version 22H2 build 22621.5768 or later, Windows 11 version 23H2 build 22631.5768 or later, or Windows 11 version 24H2 build 26100.4946 or later
- Device Configuration: Microsoft Entra ID joined or Microsoft Entra hybrid joined devices
- Updates: August 2025 Windows security update or newer is required
- Authentication: User must be signed in with a Microsoft Entra ID account
Restore requirements
The restore functionality has more restrictive requirements:
- Operating Systems: Windows 11 version 22H2 build 22621.3958 or later, Windows 11 version 23H2 build 22631.3958 or later, or Windows 11 version 24H2 build 26100.1301 or later
- Device Configuration: Microsoft Entra ID joined devices only (hybrid joined devices cannot restore)
- Prerequisites: At least one existing backup profile and the same Microsoft Entra account used for backup
Technical architecture
Backup process
The backup system operates on a scheduled task that runs automatically every eight days. During this process, the system captures:
- Accessibility settings
- WiFi network credentials and passwords
- Desktop personalization preferences
- Language preferences and custom dictionary entries
- Other Windows system settings
- List of installed Microsoft Store applications
Data is stored in the organization's tenant data store within the Microsoft cloud infrastructure. Users can also manually trigger backups through the Windows Backup application.
Restore process
The restore functionality integrates with the Windows Out-of-Box Experience (OOBE). The system presents available backup profiles when users sign in during OOBE with their Microsoft Entra ID credentials. If they have used different devices, users can select from multiple backups, allowing restoration of settings from any previously backed-up system.
Configuration methods
Group policy configuration
Administrators can deploy Windows Backup for Organizations through Active Directory Group Policy:
Path: Computer Configuration > Administrative Templates > Windows Components > Sync your settings
Policy: Enable Windows Backup
Setting: Enabled
Additional granular control policies include:
- Do not sync accessibility settings
- Do not sync apps
- Don't sync passwords
- Don't sync personalize
- Do not sync language preferences settings
- Do not sync other Windows settings
Mobile device management (MDM) configuration
For Microsoft Intune environments, administrators configure the feature through Settings Catalog policies:
Category: Administrative Templates > Windows Components > Sync your settings
Setting: Enable Windows Backup
Value: Enabled
The restore capability requires tenant-level configuration in Intune:
- Navigate to Devices > Enrollment > Windows Backup and Restore
- Set "Show restore page" to "On"
- Apply changes
Configuration service provider (CSP) settings
Organizations using third-party MDM solutions can deploy Windows Backup for Organizations through CSP configuration:
For backup:
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/SettingsSync/EnableWindowsBackup
Data Type: String
Value: <enabled/>
For restoration:
OMA-URI: ./Device/Vendor/MSFT/WindowsBackupAndRestore/EnableWindowsRestore
Data Type: Boolean
Value: True
Policy management and user control
Administrative control
The system provides multiple levels of administrative oversight:
- Full Control: Administrators can completely disable user access to backup settings
- Selective Control: Individual setting categories can be disabled while others remain available
- User Override Options: Policies can be configured to allow users to re-enable specific categories
User interface
Users access backup controls through Settings > Accounts > Windows Backup when enabled. Two primary toggles control functionality:
- Remember my preferences: Controls backup of system settings
- Remember my apps: Controls backup of Microsoft Store app lists
Subcategory toggles allow granular control over specific setting types.
Installation considerations
Conditional access integration
Organizations using Conditional Access policies must account for the Microsoft service app ID d32c68ad-72d2-4acb-a0c7-46bb2cf93873 to prevent authentication failures during restore operations.
Virtual machine environments
Phishing-resistant Multifactor Authentication (PRMFA) policies may interfere with the restore process for Hyper-V and similar virtualized environments. Administrators should consider using Temporary Access Pass (TAP) authentication for these scenarios.
Data lifecycle management
Backup data persists in the organization's tenant until explicitly deleted. Administrators can manage this data through Microsoft Graph API endpoints:
- Read/Export: GET windowsSetting (requires UserWindowsSettings.Read.All permission)
- Delete: DELETE windowsSetting (requires UserWindowsSettings.ReadWrite.All permission)
Limitations and constraints
Regional availability
Windows Backup for Organizations is not available in:
- Government Community Cloud High (GCCH)
- Sovereign cloud environments
- China/21Vianet regions
Functional limitations
The system does not back up or restore:
- User profile data or documents
- Locally installed applications (non-Microsoft Store)
- Registry entries beyond supported settings categories
- Custom application configurations
Autopilot compatibility
The restore feature requires Autopilot profiles configured for user-driven mode. Self-deploying mode setups do not support the restore function.
Troubleshooting and monitoring
Common configuration issues
Administrators should verify:
- Correct policy application to target device groups
- Proper build versions on both source and destination devices
- Microsoft Entra ID join status and authentication
- Network connectivity to Microsoft cloud services
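The build and join-state checks from this list, as an added PowerShell example that is not part of the original article: it encodes the minimum builds from the backup and restore requirement lists above, then reads the local build from the registry and the join state from `dsregcmd /status`. The function names are hypothetical, and treating a build number newer than every listed one as eligible is an assumption.

```powershell
# Added example. Minimum revisions (UBR) per build number, copied from the
# backup and restore requirement lists in this article.
$BackupMin  = @{ 19045 = 6216; 22621 = 5768; 22631 = 5768; 26100 = 4946 }
$RestoreMin = @{ 22621 = 3958; 22631 = 3958; 26100 = 1301 }

function Test-MinimumBuild {
    param([hashtable]$Table, [int]$Build, [int]$Revision)
    if ($Table.ContainsKey($Build)) { return $Revision -ge $Table[$Build] }
    # Assumption: a build number above every listed one counts as "or later".
    $newest = ($Table.Keys | Measure-Object -Maximum).Maximum
    return $Build -gt $newest
}

function Test-WindowsBackupEligibility {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision,
        [Parameter(Mandatory)][bool]$EntraJoined,
        [Parameter(Mandatory)][bool]$DomainJoined
    )
    $joinType = 'NotEntraJoined'
    if ($EntraJoined) {
        $joinType = if ($DomainJoined) { 'EntraHybridJoined' } else { 'EntraJoined' }
    }
    [pscustomobject]@{
        Build    = '{0}.{1}' -f $Build, $Revision
        JoinType = $joinType
        # Backup: Entra joined or hybrid joined, at or above the backup minimum.
        BackupEligible  = $EntraJoined -and (Test-MinimumBuild $BackupMin $Build $Revision)
        # Restore: Entra joined only; hybrid joined devices cannot restore.
        RestoreEligible = ($joinType -eq 'EntraJoined') -and
                          (Test-MinimumBuild $RestoreMin $Build $Revision)
    }
}

# Evaluate the local device: build and UBR from the registry, join state from dsregcmd.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$dsr = (dsregcmd.exe /status) -join "`n"
Test-WindowsBackupEligibility -Build ([int]$cv.CurrentBuildNumber) -Revision ([int]$cv.UBR) `
    -EntraJoined ($dsr -match 'AzureAdJoined\s*:\s*YES') `
    -DomainJoined ($dsr -match 'DomainJoined\s*:\s*YES')
```

The script does not check policy application or whether the signed-in user is a Microsoft Entra ID account; those items on the list still need separate verification.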
Rollout considerations
Microsoft is gradually rolling out Intune configuration options. If the Settings Catalog options are not yet available in their tenant, organizations may need to use CSP custom policies.
Security implications
The backup system integrates with existing organizational security frameworks:
- Data encryption in transit and at rest
- Authentication through Microsoft Entra ID
- Compliance with existing tenant security policies
- Interference with Conditional Access controls
Organizations should review their data governance policies to ensure compatibility with cloud-stored user preference data.
Migration planning
For Windows 10 to Windows 11 transitions, administrators should:
- Enable backup policies before the migration window
- Allow sufficient time for initial backup completion (up to 8 days)
- Verify device compatibility with restore requirements
- Test the restore process in pilot environments
- Plan for quality update deployment during OOBE if required
User feedback
Early adoption of Windows Backup for Organizations has revealed significant user frustrations and limitations. The most severe criticism centers on the misleading name, with experts noting that the feature "sounds like a magic button that can bring back your entire PC when something goes wrong" but delivers only basic settings synchronization. This creates false expectations among users who assume comprehensive backup functionality.
Installation challenges compound user dissatisfaction. Many organizations report incomplete rollouts across Intune tenants. Virtual machine environments face authentication failures with phishing-resistant MFA, creating unusable experiences for some deployments.
The feature's limited scope has drawn particular criticism. IT professionals emphasize that the tool does not back up user files, documents, or Win32 applications, requiring separate solutions for comprehensive data protection. Security experts warn that "relying on Windows Backup for Organizations as a single data protection strategy is a recipe for data loss."
Perhaps most problematic is the policy contradiction identified by enterprise administrators: organizations that have spent years blocking Microsoft Store access for security reasons now find themselves enabling Store app restoration, creating internal policy conflicts. These limitations suggest the feature serves primarily as a modernized version of Enterprise State Roaming rather than the comprehensive backup solution its name implies.
Conclusion
Windows Backup for Organizations provides a targeted solution for preserving user settings and Microsoft Store applications during Windows 10 to Windows 11 migrations. However, organizations must understand its narrow scope and technical limitations. While the feature streamlines device transitions through automated backup scheduling and OOBE restore integration, it requires careful planning around Conditional Access policies, device compatibility, and user expectations. IT administrators should view this tool as a complement to, rather than a replacement for, comprehensive backup strategies that include file protection and application deployment solutions.