Aug 02 2017 - last edited on Jul 24 2020
I am looking to roll out some Surface tablets that will rarely, if ever, be in the office / connected to our network. As a result, my plan is to Azure AD Join (and enroll in EMS) these devices but not join them to on-prem ADDS.
I have been doing some digging into Azure AD Group Policy -- can this co-exist with my on-prem GPOs? I know that I only get 1 GPO in Azure - but my thought would be to spin up an Azure VM and install GPMC so I can manage the GPO for these tablet / cloud-only devices.
Or is there a better way?
Aug 02 2017 11:44 AM
Azure AD Join does *not* support GPOs. Azure AD Domain Services does, and is limited to the one as you've read. The two are different features, however; we discussed this recently here: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-Active-Directory-Domain-Services...
Depending on the kind of settings you want to enforce, Office 365 MDM or Intune might be useful.