
We have an Azure VM (Windows Server 2012 R2) using AAD DS as the domain. I have both an O365 account in the domain (used to originally join the VM to the domain) and a local admin account on the machine.

I'm not able to modify the password policy with either account. (GPO > Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy > Maximum password age)

The password policy sections of the GP have little lock icons.

Where/how can these settings be altered? There does not appear to be a place to edit group policy in the Azure portal for AAD DS. Is there some way to unlock these settings?

user228546

1 Answer


> I'm not able to modify the password policy with either account.

You need the credentials of a user account belonging to the AAD DC Administrators group in your directory to administer Group Policy for your managed domain. You can install the AD administration tools on the managed-domain VM.

  1. Open Server Manager. Click Add Roles and Features.
  2. On the Features page, click to expand the Remote Server Administration Tools node and then click to expand the Role Administration Tools node. Select AD DS and AD LDS Tools feature from the list of role administration tools.
  3. Finish the installation.

Then you will find two containers called AADDC Computers and AADDC Users respectively. From AADDC Users container, you will see the AAD DC Administrators group.

For more details: Administer an Azure Active Directory Domain Services managed domain.

> Where/how can these settings be altered? There does not appear to be a place to edit group policy in the Azure portal for AAD DS. Is there some way to unlock these settings?

You need to install Group Policy tools on the virtual machine.

  • Launch Server Manager. On the Features page, select the Group Policy Management feature. Then complete the installation.
  • Click Group Policy Management to launch the Group Policy Management console. Find group policies for your managed domain.
  • Right-click the GPO and click Edit... to customize the built-in GPO. The Group Policy Configuration Editor tool enables you to customize the GPO.

You can now use the Group Policy Management Editor console to edit the built-in GPO.

For more details: Administer Group Policy on an Azure AD Domain Services managed domain

Nancy Xiong
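The Server Manager steps in the answer above can also be done from PowerShell. This is an added example, not part of the original answer: it installs the two features and then checks whether the signed-in account is in AAD DC Administrators before reading the current policy. It assumes an elevated session on the domain-joined VM, signed in with a domain account rather than the local admin; `RSAT-AD-Tools` and `GPMC` are the `Install-WindowsFeature` names for the "AD DS and AD LDS Tools" and "Group Policy Management" features.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the domain-joined VM while signed in with a domain account.
$ErrorActionPreference = 'Stop'

# 1. Install "AD DS and AD LDS Tools" and "Group Policy Management" if they are missing.
$features = 'RSAT-AD-Tools', 'GPMC'
$missing  = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    Install-WindowsFeature -Name $missing.Name | Out-Null
}
Import-Module ActiveDirectory, GroupPolicy

# 2. Compare the current logon SID against the (recursive) members of the
#    AAD DC Administrators group. Comparing SIDs avoids name-format mismatches.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$admins  = Get-ADGroupMember -Identity 'AAD DC Administrators' -Recursive
$isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $me.User.Value })

if (-not $isAdmin) {
    Write-Warning "$($me.Name) is not in 'AAD DC Administrators'; Group Policy settings will stay read-only."
    return
}

# 3. Read-only view of what is currently in force, before editing anything.
"Default domain password policy:"
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordAge, MinPasswordLength,
                  ComplexityEnabled, LockoutThreshold | Format-List

# Fine-grained password policies override the domain default for the
# users and groups they are applied to, so list them as well.
"Fine-grained password policies:"
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MaxPasswordAge, MinPasswordLength | Format-Table -AutoSize

# GPOs visible in the domain; these are what the Group Policy Management console shows.
"Group Policy objects:"
Get-GPO -All |
    Select-Object DisplayName, GpoStatus, ModificationTime | Format-Table -AutoSize
```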