I have a remote site in a hurricane-prone region. If they get hit, they could have no Internet access for weeks at a time. Our environment consists of Active Directory synced to Azure AD. Computers are Azure AD joined. Currently they have two file / application servers that are AD joined and one domain controller, all running in Hyper-V. If they lose internet access (so no Azure access either) for a few weeks:
Even though their computers are Azure AD joined (not hybrid), and the users log in via Azure AD, would they be able to authenticate against their local DC if they couldn't connect to Azure?
If the above is true - the DC is currently read-write, which I'm not a big fan of since this is a very small office with minimal security. Are there any limitations if they have a read-only DC instead and their office loses internet connectivity for a long period, so the RO DC can't talk to the other DC VMs in Azure?