question

DarrenRose-5103 avatar image
0 Votes"
DarrenRose-5103 asked ·

Issues / Concerns moving from on premise AD to Azure AD

Hi

Can someone please give me some advice.

For years we have had our own on premise domain with AD etc.

Recently when renewing licenses with our supplier we were advised to go down the route of Windows 10 Enterprise E3 per user licences rather than our previous per computer licenses.

Now to activate these correctly you have to join the computer to Azure AD rather than as it now to our on-site AD.

I have tested doing this for one user on a test computer to try and get my head around it, and first thing I note is that obviously they then have to sign on using email address e.g. f_bloggs@domain.com rather than using previous login of fred_b. This is not an issue.

Once logged in the computer shows as activated correctly via a subscription as it should do.

But obviously things such as Group Policies now don't apply which is not something I had thought of or been warned about when sold these new licenses.

Can someone who has been throw this change tell me how I still have my original functionality of group policy settings but still be compliant with the licensing for Windows 10 Enterprise E3 needing Azure AD etc

Thank you very much

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DeniseChild-7219 avatar image
0 Votes"
DeniseChild-7219 answered ·

Are you using Azure AAD Connect? This will sync your AD accounts to Azure AD so that you can still use your email address that you have always used from on-prem.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DarrenRose-5103 avatar image
0 Votes"
DarrenRose-5103 answered ·

Yes we have Azure AAD Connect installed because it was installed when we moved from on-premise Exchange to Exchange Online Plan 1 / Office 365

From reading a bit more since posting it seems what I need is a HYBRID Azure AD, rather than just Azure AD, so that Windows 10 Enterprise E3 subscription will activate with Azure, but so can still use in house resources like Group Policy etc

Does that sound about right?

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DeniseChild-7219 avatar image
0 Votes"
DeniseChild-7219 answered ·

Yes, that is what we are using.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DarrenRose-5103 avatar image
0 Votes"
DarrenRose-5103 answered ·

Thanks I will look at getting that configured then. Any gotchas or things to look out for from someone who is using it?

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LukasBeran avatar image
0 Votes"
LukasBeran answered ·

Hi.

Recommended way is Azure AD Hybrid join. You get all benefits from both worlds in this scenario - you have your computer joined to onprem AD with GPOs etc., but you have your computer also joined to Azure AD, so you can activate your licenses, SSO, Conditional Access etc.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.