There are two built-in GPOs that you can use for this purpose.
Details at https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-group-policy
However, keep in mind that you cannot join non-Azure VMs to Entra Domain Services domain, so this is applicable only to Azure VMs that are joined to the Entra Domain Services domain
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin