The plan to move the organization onto a domain-based infrastructure can be achieved either with a local domain hosted in an internal network (connecting all devices through internal switches and routers and securing that infrastructure) or with Azure Active Directory, which needs the systems to have an active internet connection.
Let's assume you are going with Azure AD and configure the AD domain on Azure with public DNS. You also enable:
-- Users can register devices
We wish to introduce domain logins to our company computers. Could someone guide me where to begin, as the Microsoft documentation is very confusing? What services do I need to look into? Our requirements:
First and foremost, configure the Azure AD settings under the free plan and add users that can access Azure services such as domain joining, etc.
Compare the premium features needed under the different AAD plans and M365.
You can ask users to register their devices using the Windows 10/11 settings.
Employees log in to their W10/11 devices via domain logins (we sync users from Google, so logging in via an e-mail user such as test@test.com is what's needed).
You can federate user logons on AAD from the GCP Connector using the link below.
We need to see the logs of when and which user logged in to a company-owned W10/11 device.
All logons can be seen in Azure for registered devices, and you can use Intune to control device behavior.
We need to manage those devices a bit, like force BitLocker to be enabled.
We need to be able to block a user from logging in to a device.
Control user logons and local admins using Azure AD.
We need to be able to give those users admin permissions on W10/11 devices.
Control local Administrators group membership to control admin rights.
So, what Microsoft subscriptions should I look into to achieve this? M365? Azure? Something else?
You can compare the required features of the Azure AD Premium services and Microsoft 365 plans to better align resources and adapt to the required features.
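Two of the requirements above (seeing who logged in to a company-owned Windows 10/11 device, and controlling who holds local admin rights) can be checked directly on the device while the Azure AD/Intune side is being set up. The following PowerShell script is an added example and is not code from the original post or from Microsoft; it assumes an elevated PowerShell 5.1 or later session on the Windows 10/11 device itself, and the allow-list entries (`it.admin@example.com`) are constructed placeholders to replace with your own.

```powershell
# Added example (not from the original post): audit interactive logons and local admin
# membership on a Windows 10/11 device. Run in an elevated PowerShell session on the device.
param(
    [int]$Days = 7   # how far back to read the Security log
)

# 1. Who logged on interactively? Security event 4624, filtered to logon types
#    2 (console), 10 (RDP) and 11 (cached credentials, typical for Azure AD users offline).
$start  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $start } -ErrorAction SilentlyContinue

$logons = foreach ($e in $events) {
    # Parse the event XML so fields are read by name rather than by positional index.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        User      = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        LogonType = [int]$d['LogonType']
        Source    = $d['IpAddress']
    }
}
$logons = $logons | Where-Object { $_.LogonType -in 2, 10, 11 } | Sort-Object Time
"Interactive logons in the last $Days day(s):"
$logons | Format-Table -AutoSize

# 2. Who holds local admin rights? On an Azure AD-joined device, members show up as
#    AzureAD\<user principal name>, or as SIDs for the Azure AD roles that are granted
#    local admin at join time.
$admins = Get-LocalGroupMember -Group 'Administrators'
"Members of the local Administrators group:"
$admins | Select-Object Name, PrincipalSource, ObjectClass | Format-Table -AutoSize

# 3. Flag anything outside an expected allow-list (placeholder names; replace with your own).
$expected = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account
    'AzureAD\it.admin@example.com'       # placeholder for your IT admin account
)
$unexpected = $admins | Where-Object { $_.Name -notin $expected }
if ($unexpected) {
    Write-Warning "Unexpected local administrators: $($unexpected.Name -join ', ')"
}
```

The event log shows only what happened on that one machine; once devices are Azure AD-joined, the Azure AD sign-in logs give the same picture centrally, and Intune can push the local Administrators group membership so step 3 becomes a compliance check rather than a manual review.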