Hi.
I have a question for understanding.
I have a special constellation. We do not have an on-premises server. Our users have a Microsoft 365 account and are therefore in Azure Active Directory. My idea is to ban the users from some features in Windows 10 using GPO. I have installed Azure Active Directory Domain Service. To do this, I configured a Server 2019 in Azure and installed Group Policy Management Tools.
In the AADDS I see the users from Azure Active Directory. Now I have customized the existing AADDS User GPO. Unfortunately the policies are not transferred to the user.
Do the GPOs only work with Windows 10 VMs created in Azure?
Thx for Help
Claudio
You can utilize Intune (Endpoint Manager). Here's a starting point for you: intune-administrative-template. You can also create custom ones or even just deploy PowerShell scripts.
----------
Please accept as an answer if this was helpful.
GPOs work only for AD DS joined computers.
For managing workstations with policies, you really don't have to install on-prem Active Directory and use GPO. You can do everything in Intune.
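To see which of these cases a given workstation falls into, the join state reported by `dsregcmd /status` can be classified as below. This is an added example, not part of any answer in this thread; the helper names `ConvertFrom-DsregStatus` and `Get-PolicyChannel` are hypothetical, and the sample output (including its URL) is constructed.

```powershell
# Constructed sample of `dsregcmd /status` output (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                    MdmUrl : https://enrollment.example.invalid/discovery.svc
'@

# Hypothetical helper: turn the "Name : Value" lines into a hashtable.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Banner lines start with '+' or '|' and do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

# Hypothetical helper: report which policy channel can reach this device.
function Get-PolicyChannel {
    param([hashtable]$State)
    $adds = $State['DomainJoined']  -eq 'YES'   # joined to AD DS (or Azure AD DS)
    $aad  = $State['AzureAdJoined'] -eq 'YES'
    $mdm  = -not [string]::IsNullOrWhiteSpace($State['MdmUrl'])
    if ($adds -and $aad) { return 'Hybrid joined: GPOs apply; MDM policy also possible' }
    if ($adds)           { return 'AD DS joined: GPOs apply' }
    if ($aad -and $mdm)  { return 'Azure AD joined, MDM URL configured: use Intune policy; domain GPOs do not apply' }
    if ($aad)            { return 'Azure AD joined, no MDM URL reported: domain GPOs do not apply; check Intune enrollment' }
    return 'Not joined to AD DS or Azure AD: no domain GPOs apply'
}

# Use live output on a Windows device, otherwise fall back to the constructed sample.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = dsregcmd.exe /status
} else {
    $lines = $sample -split "`r?`n"
}
Get-PolicyChannel -State (ConvertFrom-DsregStatus -Lines $lines)
```

A device whose users merely sign in with Microsoft 365 accounts typically shows `DomainJoined : NO`, which is why edits to the AADDC Users GPO never reach it.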
Hello there,
Azure AD DS includes built-in GPOs for the AADDC Users and AADDC Computers containers. You can customize these built-in GPOs to configure Group Policy as needed for your environment.
More information here https://learn.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy
An Azure VM that is domain joined to an On-Prem Active Directory domain would be able to pull GPOs from the On-Prem Active Directory Domain Controllers. Group Policies would get applied on it just like on a normal server in the On-Prem AD Domain.
We need to make sure that the Azure VM is able to speak to a DC without any network issues, and that would get the Group Policy objects flowing from the DC to the Azure VM.
---------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--