Azure AD joined computers and long periods with no Internet

Dirk Manderin 1 Reputation point
2021-03-03T18:52:53.857+00:00

I have a remote site in a hurricane prone region. If they get hit, they could have no Internet access for weeks at a time. Our environment consists of Active Directory synced to Azure AD. Computers are Azure AD joined. Currently they have two file / application servers that are AD joined and one domain controller, all running in Hyper-V. If they lose internet access (so no Azure access either) for a few weeks:

Even though their computers are Azure AD joined (not hybrid), and the users login via Azure AD, would they be able to authenticate against their local DC if they couldn't connect to Azure?

If the above is true: the DC is currently read-write, which I'm not a big fan of since this is a very small office with minimal security. Are there any limitations if they have a read-only DC instead and their office loses internet connectivity for a long period, so the RO DC can't talk to the other DC VMs in Azure?


1 answer

VipulSparsh-MSFT 16,251 Reputation points Microsoft Employee
2021-03-05T12:56:11.61+00:00

@Dirk Manderin They can log in, but you need to understand that this is not the best security practice. Under the circumstances, if you must do it, you can enable cached logon for Windows, where the users can log in to the machine using the cached credential without needing a DC for authentication.

Read more about it here: https://learn.microsoft.com/en-US/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information

Things might break if there is a password reset scenario.
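As an added example (not part of the original answer or the linked article), the following PowerShell reads the settings an administrator would want to review before relying on cached credentials through a long outage: the `CachedLogonsCount` value under the Winlogon key that the linked article documents (the registry-backed form of the "Interactive logon: Number of previous logons to cache" policy), and the device's join state as reported by the built-in `dsregcmd /status`. It only reads state and changes nothing; the registry path, value name and default of 10 are from Windows documentation, and the output field names filtered from `dsregcmd` are assumed to match the tool's current output.

```powershell
# Added example: audit cached-logon configuration and device join state.
# Read-only; run in an elevated PowerShell on the client machine.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# CachedLogonsCount is stored as a string (REG_SZ). When absent, Windows
# applies its documented default of 10 cached domain logons.
$props  = Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue
$cached = if ($null -eq $props) { $null } else { $props.CachedLogonsCount }

if ($null -eq $cached) {
    Write-Output 'CachedLogonsCount not set; the default of 10 cached logons applies.'
} elseif ([int]$cached -eq 0) {
    # 0 disables caching: with no reachable DC, domain users cannot log on.
    Write-Output 'CachedLogonsCount = 0: domain logon will FAIL while the DC is unreachable.'
} else {
    Write-Output "CachedLogonsCount = $cached (each cached entry is a credential verifier kept on disk)."
}

# Join state: on a pure Azure AD joined device DomainJoined is NO, so the
# on-premises DC does not take part in its logons at all. Field names assumed
# from current dsregcmd output.
$status = dsregcmd /status
$status | Select-String -Pattern 'AzureAdJoined|DomainJoined|DeviceAuthStatus'
```

The second half matters for the question as asked: if `dsregcmd` reports `DomainJoined : NO`, the device is not a domain member, and the `CachedLogonsCount` setting governs domain logons rather than Azure AD accounts, so the on-premises DC (read-write or read-only) is not what those users would fall back to.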