Hi,
I essentially need to push GPOs out to my domain joined devices but they are Azure AD joined (Win 10).
Effectively I need to bolt-on a mechanism to push GPOs to Azure AD joined machines as Azure AD is not a full DC.
So, we took the approach below.
- O365 and Azure AD (domain join and AD management)
- Azure Virtual Network (internal app, external websites and NLS server for Direct Access, I believe)
- Azure VPN: contingency access (if Direct Access connection dies - we're pushing for `always on` and `silent`.)
- Azure VM: DC01 (domain controller - deployed in the VNet)
- Azure VM: DC02 (domain controller - high availability - deployed in the VNet)
- Azure AD Connect: Sync the DC to Azure AD for computer devices etc
- Azure VM: app in VNet w/private data accessible via RDP
Is this the wrong approach? Is it possible? Any good starter templates?
Suggestions for something different to achieve the end goal (a cloud-only VNet integrated with O365 with GPO functions actually working successfully) would be greatly appreciated.
Thanks!