I'm looking for suggestions on how to effectively manage machines that are joined to our domain but are used by field staff who never come into the office. These employees don't use VPN for network access, and we'd like to ensure their devices remain updated with Group Policies and Password Requirements. Additionally, we have an automated process that removes any AD Computer objects that haven't checked in for 180 days. Any ideas?
5 Answers
Consider implementing always on VPN. It's great for keeping your endpoints managed even when they're not in the office.
We've set up all our remote notebooks with always on VPN using Wireguard. This ensures that they receive all software and policy updates, plus we can remotely wipe them if they're lost or stolen.
If VPN isn't an option for you, why not look into Azure AD with Intune? It can help manage those remote devices without needing traditional VPN access.
Honestly, if they don’t have a reason to use VPN, you might want to rethink the necessity of using a domain controller for them. Entra might be the best route.
This situation is perfect for using Entra Joined devices managed through Intune. It's designed for scenarios like yours where devices are remote but still need to be secure and managed.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures