Home

Azure AD and On Prem AD - Can Group Policy Co-Exist?

%3CLINGO-SUB%20id%3D%22lingo-sub-92596%22%20slang%3D%22en-US%22%3EAzure%20AD%20and%20On%20Prem%20AD%20-%20Can%20Group%20Policy%20Co-Exist%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92596%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20to%20roll%20out%20some%20surface%20tablets%20that%20will%20rarely%2C%20if%20ever%20be%20in%20the%20office%20%2F%20connected%20to%20our%20network.%20%26nbsp%3BAs%20a%20result%2C%20my%20plan%20is%20to%20Azure%20AD%20Join%20(and%20enroll%20in%20EMS)%20these%20devices%20but%20not%20join%20them%20to%20on-prem%20ADDS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20been%20doing%20some%26nbsp%3Bdigging%20into%20Azure%20AD%20Group%20Policy%20--%20can%20this%20co-exist%20with%20my%20on-prem%20GPOs%3F%20%26nbsp%3BI%20know%20that%20I%20only%20get%201%20GPO%20in%20Azure%20-%20but%20my%20thought%20would%20be%20to%20spin%20up%20an%20Azure%20VM%2C%20install%20GPMC%20so%20I%20can%20manage%20the%20GPO%20for%20these%20tablet%20%2F%20cloud%20only%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOr%20is%20there%20a%20better%20way%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ESteve%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-92596%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-93051%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20and%20On%20Prem%20AD%20-%20Can%20Group%20Policy%20Co-Exist%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-93051%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20clearing%20this%20up.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESteve%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92696%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20and%20On%20Prem%20AD%20-%20Can%20Group%20Policy%20Co-Exist%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92696%22%20slang%3D%22en-US%22%3E%3CP%3EAzure%20AD%20Join%20does%20*not*%20support%20GPOs.%20Azure%20AD%20Domain%20services%20does%2C%20and%20is%20limited%20to%20the%20one%20as%20you've%20read.%20The%20two%20are%20different%20features%20however%2C%20we%20discussed%20this%20recently%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory%2FAzure-Active-Directory-Domain-Services-On-premises-workstation%2Fm-p%2F91930%23M694%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory%2FAzure-Active-Directory-Domain-Services-On-premises-workstation%2Fm-p%2F91930%23M694%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDepending%20on%20the%20kind%20of%20settings%20you%20want%20to%20enforce%2C%20Office%20365%20MDM%20or%20Intune%20might%20be%20useful.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Stephen Bell
Contributor

Hello all,

 

I am looking to roll out some surface tablets that will rarely, if ever be in the office / connected to our network.  As a result, my plan is to Azure AD Join (and enroll in EMS) these devices but not join them to on-prem ADDS.

 

I have been doing some digging into Azure AD Group Policy -- can this co-exist with my on-prem GPOs?  I know that I only get 1 GPO in Azure - but my thought would be to spin up an Azure VM, install GPMC so I can manage the GPO for these tablet / cloud only devices.

 

Or is there a better way?

 

Thanks

Steve

2 Replies

Azure AD Join does *not* support GPOs. Azure AD Domain services does, and is limited to the one as you've read. The two are different features however, we discussed this recently here: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-Active-Directory-Domain-Services...

 

Depending on the kind of settings you want to enforce, Office 365 MDM or Intune might be useful.

Thank you for clearing this up.

 

Steve

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies