9

I am trying to use Azure Active Directory instead of using a traditional domain controller.

I would like to use Azure AD to authenticate users and to push GPO settings, such as folder redirection, drive mappings and Windows 10 privacy settings.

I have created an Office 365 account, which I understand creates the AD backend. I have also created an Azure account and added my test Windows 10 PC to the Azure domain using the O365/Azure user details.

I have also subscribed to an Azure AD Premium trial.

It is at this point I am stuck. Where in Azure can I see the PC I have added?

Also, can I use Azure AD to push traditional Group Policy settings to my test PC, and if so, where do I go to configure this?

Or do I need to use something like Windows Intune?

Frederik
user3580480

2 Answers

7

Azure Active Directory cannot be used like this. It is not a replacement for Active Directory (well, at least it isn't at the time of writing).

What you want to do is use the Intune service in combination with AAD to achieve what you want. I do not believe you will be able to do full GPO, but there are a ton of settings you can configure.

CtrlDot
  • 2
    This is not entirely true. With Azure AD Directory services you can now join machines to AD and push GPOs (although with a limited scope). This is however still in preview. – Sam Cogan Jul 18 '16 at 09:28
  • 1
    @Sam's answer below is accurate and should be considered. – SamErde Jul 18 '16 at 09:46
  • 1
    Intune cannot manage devices like GPOs can - however, Intune is designed to configure basic device settings, like software deployments, anti-virus, Windows updates and so on. Folder redirection, drive maps and all kinds of user-related configuration must be done through GPOs. Intune is coming from an MDM history, and should be viewed as an MDM solution with great Windows support. However, it is still made for configuring devices, rather than user settings on those devices. –  Jul 19 '16 at 18:07
5

Azure AD Directory Services is a new preview feature that functions more as a Domain Controller as a Service offering and does allow you to push GPOs. The GPO and OU structure is more limited than in classic AD, but it can be done. It is in preview, so bear in mind the SLA consequences for that.

Sam Cogan
  • These features can only be used in VMs running on the Azure IaaS offering. AAD DS cannot be used to replace classic on-premises AD DS for your average Windows 10 client. –  Jul 19 '16 at 18:03
  • @sebastian Not entirely correct: if you have ExpressRoute connectivity to your Azure VNet then you can join on-prem machines. But I agree it's not really meant as a replacement for a full DC with client machines; it's more intended for providing AD services to IaaS in Azure. – Sam Cogan Jul 19 '16 at 19:47