Microsoft Tech Community

Azure AD and On Prem AD - Can Group Policy Co-Exist?

Hello all,

I am looking to roll out some Surface tablets that will rarely, if ever, be in the office / connected to our network. As a result, my plan is to Azure AD Join (and enroll in EMS) these devices but not join them to on-prem ADDS.

I have been doing some digging into Azure AD Group Policy -- can this co-exist with my on-prem GPOs? I know that I only get 1 GPO in Azure - but my thought would be to spin up an Azure VM and install GPMC so I can manage the GPO for these tablet / cloud-only devices.

Or is there a better way?

Thanks

Steve

2 Replies

Azure AD Join does *not* support GPOs. Azure AD Domain Services does, and is limited to the one, as you've read. The two are different features, however. We discussed this recently here: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-Active-Directory-Domain-Services...

Depending on the kind of settings you want to enforce, Office 365 MDM or Intune might be useful.

Thank you for clearing this up.

Steve