Issues / Concerns moving from on premise AD to Azure AD

Darren Rose 496 Reputation points
2019-12-10T21:16:25.167+00:00

Hi

Can someone please give me some advice.

For years we have had our own on premise domain with AD etc.

Recently when renewing licenses with our supplier we were advised to go down the route of Windows 10 Enterprise E3 per user licences rather than our previous per computer licenses.

Now to activate these correctly you have to join the computer to Azure AD rather than, as it is now, to our on-site AD.

I have tested doing this for one user on a test computer to try and get my head around it, and the first thing I note is that obviously they then have to sign on using their email address, e.g. f_bloggs@keyman.com, rather than using the previous login of fred_b. This is not an issue.

Once logged in the computer shows as activated correctly via a subscription as it should do.

But obviously things such as Group Policies now don't apply which is not something I had thought of or been warned about when sold these new licenses.

Can someone who has been through this change tell me how I can still have my original functionality of group policy settings but still be compliant with the licensing for Windows 10 Enterprise E3 needing Azure AD etc.?

Thank you very much


5 answers

  1. Denise Child 1 Reputation point
    2019-12-10T22:07:43.147+00:00

    Are you using Azure AAD Connect? This will sync your AD accounts to Azure AD so that you can still use your email address that you have always used from on-prem.


  2. Darren Rose 496 Reputation points
    2019-12-10T22:16:42.47+00:00

    Yes, we have Azure AAD Connect installed because it was installed when we moved from on-premise Exchange to Exchange Online Plan 1 / Office 365.

    From reading a bit more since posting, it seems what I need is a HYBRID Azure AD, rather than just Azure AD, so that the Windows 10 Enterprise E3 subscription will activate with Azure, but we can still use in-house resources like Group Policy etc.

    Does that sound about right?


  3. Denise Child 1 Reputation point
    2019-12-11T22:04:05.853+00:00

    Yes, that is what we are using.


  4. Darren Rose 496 Reputation points
    2019-12-11T22:11:58.623+00:00

    Thanks, I will look at getting that configured then. Any gotchas or things to look out for from someone who is using it?


  5. Lukas Beran 176 Reputation points
    2019-12-13T09:42:55.457+00:00

    Hi.

    The recommended way is Azure AD Hybrid join. You get all the benefits of both worlds in this scenario - you have your computer joined to on-prem AD with GPOs etc., but you have your computer also joined to Azure AD, so you can activate your licenses, SSO, Conditional Access etc.

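To confirm which of the join states discussed in this thread a given PC is actually in, the following added example (not posted by anyone in the thread) classifies the "Device State" fields printed by the built-in Windows command `dsregcmd /status`. The function name `Get-JoinState` is hypothetical, and the sample text is constructed so the snippet runs without a joined machine.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # Collect the two "Name : YES/NO" fields that decide the join type.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }

    # Fail loudly on truncated or unexpected input instead of guessing.
    foreach ($key in 'AzureAdJoined', 'DomainJoined') {
        if (-not $state.ContainsKey($key)) {
            throw "Field '$key' not found in the supplied output"
        }
    }

    if ($state['AzureAdJoined'] -and $state['DomainJoined']) {
        'Hybrid Azure AD joined'   # on-prem AD (GPOs) and Azure AD
    }
    elseif ($state['AzureAdJoined']) {
        'Azure AD joined'          # cloud only, domain GPOs do not apply
    }
    elseif ($state['DomainJoined']) {
        'Domain joined only'       # on-prem AD only
    }
    else {
        'Not joined'
    }
}

# Constructed sample shaped like the Device State section of the real output.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample

# On a real machine, pass the live output instead:
#   Get-JoinState -StatusLines (dsregcmd /status)
```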