Forum Discussion
Azure AD and On Prem AD - Can Group Policy Co-Exist?
Hello all,
I am looking to roll out some Surface tablets that will rarely, if ever, be in the office / connected to our network. As a result, my plan is to Azure AD Join (and enroll in EMS) these devices but not join them to on-prem AD DS.
I have been doing some digging into Azure AD Group Policy -- can this co-exist with my on-prem GPOs? I know that I only get 1 GPO in Azure, but my thought would be to spin up an Azure VM and install GPMC so I can manage the GPO for these tablet / cloud-only devices.
Or is there a better way?
Thanks
Steve
Azure AD Join does *not* support GPOs. Azure AD Domain Services does, and is limited to the one, as you've read. The two are different features, however; we discussed this recently here: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-Active-Directory-Domain-Services-On-premises-workstation/m-p/91930#M694
Depending on the kind of settings you want to enforce, Office 365 MDM or Intune might be useful.
- Stephen Bell (Iron Contributor)
Thank you for clearing this up.
Steve