I'm new to Azure Arc and have a few on-premise servers connected to our Azure portal using the Arc-enabled service. I'm curious if it's possible to enforce policies on these servers—specifically, can we disable LLMNR and mDNS without using Group Policy? Is there a way to achieve this with Azure Arc-enabled servers?
4 Answers
You can definitely use Azure Arc to manage settings like disabling LLMNR or mDNS, but it's not quite the same as GPO. After onboarding your servers to Azure Arc, you can apply Azure Policy through Guest Configuration to audit and enforce certain OS-level settings. It's not as simple as traditional GPOs, but it's possible, provided your machines are set up correctly and reporting compliance.
Yes, you can manage settings using Azure Arc, specifically through Azure Policy and Guest Configuration. But here's the catch: the evaluation process for these policies is different from GPOs, which check in every 30 minutes. With Azure's Guest Configuration, you're looking at a more limited frequency—like once a day. So, while it's feasible, it may not be as responsive or straightforward as traditional GPO.
If your servers are already domain joined, it might complicate things unnecessarily. Azure Arc can project states into Azure, but using it as a full replacement for GPOs is a different approach. Are you trying to leave AD behind completely or just want better visibility?
Azure Arc is designed to extend Azure's control over non-Azure servers, allowing you to implement things like Azure Policy and Defender. However, it doesn't replace traditional domain management like Group Policy. For those, you’ll still want to stick with Group Policy or look into Intune for some replacements. Azure Arc focuses more on configuration governance rather than enforcing policies like AD does.
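For the Azure Policy Guest Configuration route the answers above describe, the setting has to be written as a DSC configuration and packaged. The sketch below is an added example, not code from any of the posters: the configuration name and output path are hypothetical, and it assumes the PSDscResources and GuestConfiguration modules are installed on a PowerShell 7 authoring machine.

```powershell
# Added example. Assumptions: PowerShell 7 on Windows with the
# PSDesiredStateConfiguration (v2+), PSDscResources and GuestConfiguration
# modules installed. 'DisableMulticastNameResolution' is a hypothetical name.
Configuration DisableMulticastNameResolution {
    Import-DscResource -ModuleName 'PSDscResources'

    Node localhost {
        # LLMNR: the value the "Turn off multicast name resolution"
        # Group Policy setting writes (0 = LLMNR disabled).
        Registry DisableLLMNR {
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
            ValueName = 'EnableMulticast'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
            Force     = $true
        }

        # mDNS in the Windows DNS Client service (0 = disabled).
        # Applications that ship their own mDNS stack are not affected.
        Registry DisableMDNS {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
            ValueName = 'EnableMDNS'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
            Force     = $true
        }
    }
}

# Compile the configuration to a MOF file.
DisableMulticastNameResolution -OutputPath '.\mof'

# Package it. 'AuditAndSet' lets an assignment remediate drift;
# use 'Audit' to report compliance only.
New-GuestConfigurationPackage `
    -Name 'DisableMulticastNameResolution' `
    -Configuration '.\mof\localhost.mof' `
    -Type AuditAndSet `
    -Force
```

The resulting package still has to be published and assigned as a policy definition before Arc-enabled machines evaluate it, and the DNS Client may need a restart of the machine before the registry change takes effect.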
