I'm working at my company on implementing Active Directory Domain Services (AD DS) in Azure since we currently don't have any Active Directory set up. I came across three main options: using Microsoft Entra ID, Microsoft Entra Domain Services, or setting up AD on a Windows Server VM. I'm particularly focused on the ability to apply Group Policy Objects (GPOs) on user devices. Just to note, we're not utilizing Microsoft 365 and we manage our local systems directly. I'm not sure if these questions are silly, but I'd really appreciate any insights or recommendations on which option would be best for us. Thanks!
2 Answers
It’s not a silly question at all! If you’re inclined towards a cloud-first approach, I’d suggest going with Microsoft Entra Domain Services (Entra DS). This option allows you to utilize Kerberos, NTLM, and LDAP which are essential for managing Group Policy effectively. Entra DS will deploy two managed domain controllers for you, syncing your existing Entra accounts so your users can use their current credentials. This setup avoids the need for a VM, which could complicate things unnecessarily. It really seems like you’re on the right track!
If your focus is specifically on user devices, consider looking into Intune policies. This avoids the need for GPOs altogether—especially for desktops, Intune and Autopilot are the forward-thinking solutions. Just make sure your users have the right licenses, like Business Premium, to run this effectively. You could upload any relevant ADMX files for specific applications too.
Thanks for the tip on Intune! That sounds like a good route for managing desktop policies.