So your post asks about Roaming Profiles.
But first...think about what it is...that you want to have follow the user...from device to device.
Some people used roaming profiles way in the old days....only to really use it to back up the Docs and Desktop folders....but that got replaced with the much more efficient "folder redirection" of group policy. Didn't need to move all of the "junk" also included under the users profile.
Others used it a bit more advanced..to have things like Outlook...already configured, signature, nickname cache, browser stuff, desktop, blah blah, etc etc.
Yeah there are some things that can live in "appdata"....as time went on, less and less leaned on that.
But honestly...most of that stuff is already replaced with existing stuff in 365.
OneDrive takes over folder redirection.
Browser stuff...saved in Chrome..and better yet...Edge...and Edge ties in with the users 365 account.
Printers...pushed out via Universal Print in 365
For Outlook...signatures are now stored upstream in the mailbox. And for quite a few years now...nickname cache is also already kept upstream in the mailbox. And Outlook is just so darned easy to auto configure...a caveman can do it...but if you want more, InTune can push out a true Outlook autoconfig with custom settings (like download all email)
InTune can push out software installs from the Microsoft Store (and more)
InTune can enforce bitlocker encryption
InTune can auto configure syncing Teams/SP libraries.
InTune can auto configure OneDrive...with custom settings like exclude certain file types, enforce files on demand, warn users of large volume file deletions, etc.
InTune is your new group policy tool.
Also...365 has a feature called Enterprise State Roaming...which does bring along some more customized user stuff. Caveat is...software that supports it is required, usually most modern apps gotten from the Microsoft Store do...but there are other things this piles on.
Now, granted, all this fun "InTune" stuff doesn't apply to your home/BYOD users....because if their computers are not "joining the domain" of AzureAD...AzureAD doesn't have the power and permissions needed to apply "most stuff". Sorta like the old days of an on prem server with active directory, you joined a workstation to the domain...so that the domain controller was "the boss" of not only the users...but also of the "computers". And you could then leverage stuff like login scripts, group policies, system management, etc. It's....similar with 365. It becomes more powerful as you set things up with AzureAD...properly "joining"..and things like InTune can come into play.
Now, with CA policies, (conditional access policies)...you can leverage some enforcement of basic security. Say you wanted to block the ability for apps like OneDrive to sign in and sync files locally...you can do that! Some businesses may not ever want to allow business documents to sync/show up on end user personal computers at their house. Just think of the "housekeeping" best practices that breaches, also possible compliance issues depending on the type of business.
