Set a Granular Password Policy with Azure AD only members

Hi All,

Some background: I have a requirement to set a complex password policy/granular password policy in a pure Azure AD environment with no on-prem servers. This, as far as I'm aware, means having AD DS to set this password policy (it is required that 15 characters are set for contract purposes). There is a guide on how to set up Azure-hosted AD DS, which is great, but I need this VM to talk/sync back to Azure AD. Is there any way to get this to talk back? I can't install AD Connect as you need access to Enterprise admin groups, but when installing AD DS from Azure hosting this group is locked down.

Alternatively, I thought about setting up an Azure-hosted VM; this can then run AD DS and sync to the user, but for this I would need to set up a brand new domain initially to then even install Azure AD Connect.

Does anyone know if there is a better solution to my problem as my googling skills have let me down?


