@Shuji Kinoshita , Unfortunately it is not recommended to use Azure AD DS service for any on-prem Windows Machine. We always recommend to deploy Azure VMs and then manage it using the Azure AD Domain services. Even in case of Azure AD Domain Services, you would have to deploy an Azure VM and connect it to the same vnet as that of the Azure AD Domain Service. Since the Domain Controllers running behind the scenes of Azure AD DS service are not accessible hence this Azure VM deployed in the same vnet can be used to access the services like managing the users, computers, creating group policies etc using the RSAT tools on that VM.
The only option available to manage a Windows Machine (on-prem machine) using AAD is by Azure AD Join or Hybrid Azure AD Join, but again using this feature you wont be able to control the Login/Logout. So the best option in hand is to deploy a Domain Controller on Prem and then manage you local policies for the local machines.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.