Forum Discussion
Plans to merge ADDS and AAD
Here are my five cents, John Steskal,
Microsoft makes a clear distinction between Active Directory (a traditional X.500 directory with a hierarchy, group policies, and legacy authentication protocols like Kerberos and NTLM) and Azure AD (a flat, cloud-based directory designed for high scale, supporting modern protocols like SAML, OIDC and OAuth, where you can manage devices using MDM policies).
Group Policies were not designed for the cloud and the configuration-as-code practice, so I personally don't expect they will ever become a feature of Azure AD. Instead, you should use MDM policies for mobile devices and W10 endpoints and leverage Azure (in-guest) Policies to manage Azure-hosted VMs (that could be extended to non-Azure VMs using Azure Arc).
pazdedav, the funny thing is that MDM for Windows 10 uses Group Policy. The ADMX format and structure is what the group policy engine uses to apply things. Also, there is a huge need for the classic or, as we say, "legacy" OU structure. You could merge Azure ADDS and Azure AD, which would allow for all protocols and give the nesting features of OUs, plus group policy. I'd love to chat more about this, and one of the most powerful things about AD is group policy, plus it is included, which it is not with MDM.