Can GPOs setup in a Microsoft Entra Domain Services managed domain be applied to devices that are in the Entra domain but not on Azure?

Bradley Bauer 20 Reputation points
2024-03-29T15:33:00.87+00:00

We have an Azure subscription with an associated Entra tenant. We are cloud only and do not have an on premise AD server. We want to be able to setup GPOs that can be applied to computers that are Entra joined devices. Can that be accomplished by setting up GPOs in an Entra Domain Services managed domain?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,451 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marcin Policht 10,205 Reputation points MVP
    2024-03-29T15:39:37.4866667+00:00

    There are two built-in GPOs that you can use for this purpose.

    Details at https://learn.microsoft.com/en-us/entra/identity/domain-services/manage-group-policy

    However, keep in mind that you cannot join non-Azure VMs to Entra Domain Services domain, so this is applicable only to Azure VMs that are joined to the Entra Domain Services domain


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 141.5K Reputation points MVP
    2024-03-29T15:41:11.0933333+00:00

    In entra, you'll want to look at adminstrative units:

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units

    There are no GPOs in Azure.

    Entra Domain Services really refer to a Windows Sub domain you create to handle legacy on-prem apps in Azure and it doesnt sound like that applies here:

    https://learn.microsoft.com/en-us/entra/identity/domain-services/overview

    0 comments No comments