question

ShahidRabbani-7807 asked

Azure ADDS Group Policy

I have the following scenario to set up my Azure ADDS.

  1. Set up Azure AD for my domain ad.example.com and created a few users in Azure AD.

  2. Configured AADDS for domain ad.example.com.

  3. Created a Windows VM and joined it to Azure ADDS (ad.example.com).

  4. On the VM server, installed GPO management and AD tools, and viewed my Azure AD users in the Active Directory Users and Computers snap-in.

  5. Set up a separate OU, moved my user into this OU, and created a GPO for a few settings to apply to that user.

  6. Authenticated my Windows 10 on-prem machine successfully with the Azure AD user account which is part of my OU in step 5.

My query is:

Can I apply an AADDS GPO on my Windows 10 machine, which is authenticated with Azure AD (step 6)?

Are there any other steps or configurations required to set up GPO on on-prem devices?

I don't have any on-prem Windows AD.

Regards, Shahid

azure-active-directory azure-ad-domain-services

amanpreetsingh-msft answered

@ShahidRabbani-7807 Yes, you can apply an AADDS GPO on your Windows 10 machine. As long as you have an active site-to-site VPN connection between your on-prem devices and the Azure ADDS vnet, there are no additional steps or configurations required to set up GPO on on-prem devices.


Please "Accept as answer" wherever the information provided helps you to help others in the community.


ShahidRabbani-7807 answered

@amanpreetsingh-msft Thanks for your quick reply.

If I set up an S2S VPN, then I will use the Windows 10 domain join option to join AADDS, not my school or work account for Azure AD join. Is that correct?

What about my remote users if they want to authenticate with AADDS? Do they need a PtoS VPN?

Is there any option where I can use Azure AD for authentication and fetch GPOs for my Windows machines?

Regards


amanpreetsingh-msft answered

@ShahidRabbani-7807 There has to be connectivity to Azure ADDS. That can be either via S2S, P2S, or remote users connecting to the corp network via VPN and then using the S2S connection to Azure ADDS. You cannot fetch GPOs via Azure AD by signing in with a work/school account.


Please "Accept as answer" wherever the information provided helps you to help others in the community.

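As an added example (not part of the original thread, and not Microsoft's own tooling), the following PowerShell check covers the two conditions the answers name: the client must be domain-joined rather than signed in with a work/school account, and it must have connectivity to the Azure ADDS domain controllers over the VPN. The domain name is the one from the question; the port list is an assumption about what Group Policy processing commonly relies on.

```powershell
# Added example. Assumption: the managed domain name from the question.
param([string]$Domain = 'ad.example.com')

# 1. Join state. GPOs from the managed domain apply to a domain-joined
#    machine; a work/school (Azure AD) sign-in alone does not fetch them.
$dsreg = dsregcmd /status
$join = [ordered]@{}
foreach ($key in 'AzureAdJoined', 'DomainJoined') {
    $m = $dsreg | Select-String -Pattern "^\s*$key\s*:\s*(\w+)" | Select-Object -First 1
    $join[$key] = if ($m) { $m.Matches[0].Groups[1].Value } else { 'UNKNOWN' }
}
[pscustomobject]$join | Format-List

# 2. Locate domain controllers through DNS SRV records. This only works
#    when the client uses the managed domain's DNS servers over the VPN.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget }
if (-not $srv) {
    Write-Warning "No DC SRV records for $Domain. Check VPN routing and client DNS settings."
    return
}

# 3. Probe the TCP ports Group Policy processing commonly relies on
#    (assumed list: Kerberos, LDAP for the GPO objects, SMB for SYSVOL).
$ports = [ordered]@{ Kerberos = 88; LDAP = 389; SMB = 445 }
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($name in $ports.Keys) {
        $t = Test-NetConnection -ComputerName $dc -Port $ports[$name] -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Service = $name; Port = $ports[$name]; Reachable = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize

# 4. Verdict, then refresh and list applied GPOs when everything is in place.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($join.DomainJoined -eq 'YES' -and $blocked.Count -eq 0) {
    gpupdate /force
    gpresult /r
} else {
    Write-Warning "Not domain-joined, or $($blocked.Count) port check(s) failed; GPO processing is unlikely to succeed."
}
```

Run it on the Windows 10 client once the S2S or P2S tunnel is up; a machine reporting `AzureAdJoined : YES` and `DomainJoined : NO` matches the situation in step 6 of the question.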