03-03-2018 02:03 AM
Azure Active Directory Premium P1 - Windows 7 - Group Policy
Want to roll out a domain. The customer currently has Office 365 but has mostly Windows 7 Pro machines with some Windows 10 Pro.
Does Azure Active Directory Premium P1 support Windows 7, and does it work well for Group Policy, Roaming Profiles, etc.?
Or do I require:
2 x Virtual machines 8Gb Ram 256 SSD 4x Cores
Bandwidth for vNet
Bandwidth for VPN
VPN Tier 1 for more than 10 sites and 650 GB bandwidth?
Then build VPN tunnels from sites to Azure VPN
Then setup the servers to be domain controllers.
Would like Azure Active Directory Premium P1 if possible, with it offering self-service password resets, MFA, etc., but cannot find anything clear on managing the GPOs, Roaming Profiles and Windows 7.
Thanks in advance for any advice.
03-05-2018 05:25 AM
03-05-2018 06:15 AM
Azure AD does support users with Windows 7, but it does not help with managing GPOs by itself; you need Azure AD Domain Services for that type of functionality. AAD P1 is focused on account and application management. The Win7 machines will still be domain joined and will still get GPOs like they always have.
You don't need GPOs to manage self-service password reset and MFA configuration options; those are handled directly in AAD P1 for all operating systems.
Since you have O365, then you may want to look into using GPOs to help manage OneDrive client sync settings, see https://support.office.com/en-us/article/use-group-policy-to-control-onedrive-sync-client-settings-0...
You can have the Win10 machines registered with AAD without making them join the domain, see https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-registered-devices... or you can have them in hybrid mode, see https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devi...
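The reply above distinguishes three states a Windows client can be in: classic domain-joined (still receives GPOs), Azure AD registered (device known to AAD but not joined), and hybrid Azure AD joined (both). The script below is an added example, not code from the thread or from Microsoft, for checking which state a given machine is in before deciding how it will be managed. It assumes the `AzureAdJoined`, `DomainJoined` and `WorkplaceJoined` fields as printed by `dsregcmd /status` on Windows 10; because `dsregcmd` does not exist on Windows 7, it falls back to the classic WMI domain check there, which is why a Win7 box can only ever report as domain-joined or workgroup.

```powershell
# Added example (not from the thread): classify a Windows client's identity
# state. Field names below are those printed by dsregcmd /status on Windows 10
# (assumed, not quoted in the thread). Windows 7 has no dsregcmd, so it is
# classified with the legacy Win32_ComputerSystem check instead.

function Get-DeviceJoinState {
    [CmdletBinding()]
    param(
        # Pass captured dsregcmd output to classify offline; omit to run live.
        [string[]]$StatusLines
    )

    if (-not $StatusLines) {
        if (-not (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)) {
            # Windows 7 path: no Azure AD device state exists on this OS.
            $cs = Get-WmiObject Win32_ComputerSystem
            if ($cs.PartOfDomain) { return "DomainJoined (legacy, $($cs.Domain))" }
            return 'Workgroup'
        }
        $StatusLines = & dsregcmd.exe /status
    }

    # Parse "Name : VALUE" lines into a hashtable; banner lines have no colon.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    if ($aad -and $domain) { return 'HybridAzureAdJoined' }        # on-prem AD + AAD; gets GPOs
    if ($aad)              { return 'AzureAdJoined' }              # cloud-only; no GPOs
    if ($domain -and $wpj) { return 'DomainJoined+AzureAdRegistered' }
    if ($domain)           { return 'DomainJoined' }               # classic; gets GPOs
    if ($wpj)              { return 'AzureAdRegistered' }          # registered, not joined
    return 'NotJoined'
}

# Constructed sample of dsregcmd /status output for a hybrid-joined machine.
$sample = @(
    '| Device State                                                         |',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CORP',
    '           WorkplaceJoined : NO'
)
Get-DeviceJoinState -StatusLines $sample
Get-DeviceJoinState   # live check on the machine running the script
```

With the constructed sample the function returns HybridAzureAdJoined; run it without arguments on the Win10 Pro machines to see whether they are plain domain-joined, registered, or hybrid before relying on GPOs for them, and note that it never reports anything beyond the legacy domain state on the Win7 Pro fleet.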
03-07-2018 09:12 AM
03-11-2018 09:39 AM
03-19-2018 02:25 PM
03-29-2018 02:15 PM
You can AAD-join Windows 10 machines as long as they have connectivity to MS Azure, via Internet -- whether or not it's through a VPN.
Windows 7, I don't think so.
Azure AD Connect is for synchronizing account data from a traditional AD service up to AAD, which of course is not the same as managing your identities totally in the cloud service. If you moved everything completely to AAD you wouldn't need Azure AD Connect.