Authentication to Azure

lra 86 Reputation points
2021-05-09T01:24:57.673+00:00

We have an on-prem domain syncing Users & Devices to our 365 (Azure) with AD Connect.

When an AD user authenticates against Azure (i.e. the login page has Access Work or School) the GPOs set on-prem do not apply to the User. Only Computer GPOs with Loopback Processing enabled apply.

The computer is still domain joined and the user exists on-prem and in Azure, so it's the same user account.
Can anyone explain what is happening? Or, how can I get them to apply?

Any help would be greatly appreciated.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. VipulSparsh-MSFT 16,201 Reputation points Microsoft Employee
    2021-05-11T07:47:16.01+00:00

    Can you share a screenshot of where the user is actually logging in?

    You are most probably talking about the Azure AD Domain Services which are capable of pushing GPO down to devices.
    Loopback processing would mostly look for the place (OU) where the computer policies are stored and will only process computer policy and not the user policy.
    You need to make sure that the user policy is also present in the same location for it to process.

    Let me know if you have any questions.


    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" the answer that helped you, for the benefit of the community.
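One way to collect the facts this thread turns on (how the device is joined, whether loopback processing is configured, and which user GPOs were actually applied), as an added example that is not part of the original question or answer. The function names `Get-JoinState` and `Get-LoopbackMode` are hypothetical; `dsregcmd`, `gpresult` and the `UserPolicyMode` policy value are standard Windows components.

```powershell
# Added example, not from the original thread. Run on the affected workstation
# while signed in as the affected user.

function Get-JoinState {
    param([string[]]$DsregOutput = (dsregcmd /status))
    # dsregcmd prints "Name : Value" lines; keep the ones describing join state.
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DomainName)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$state
}

function Get-LoopbackMode {
    # UserPolicyMode is written by the computer policy "Configure user Group
    # Policy loopback processing mode": 1 = Merge, 2 = Replace, absent = not set.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $value = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
    switch ($value) {
        1       { 'Merge' }
        2       { 'Replace' }
        default { 'NotConfigured' }
    }
}

# Hybrid-joined devices report YES for both AzureAdJoined and DomainJoined.
Get-JoinState | Format-List
"Loopback mode: $(Get-LoopbackMode)"

# Resultant Set of Policy for the signed-in user: lists the user GPOs that were
# applied and the ones that were filtered out, with the reason for each.
gpresult /r /scope user
```

With loopback in Replace mode, the user-side settings come only from GPOs linked to the computer's OU, so the `gpresult` output shows which GPOs were considered and why any were skipped.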