After joining your Windows 10 PC to Azure AD, you can verify the registration through:
# PowerShell command to check Azure AD join status
dsregcmd /status
You'll find registered devices in the Azure portal under:
Azure Portal → Azure Active Directory → Devices → All Devices
Traditional GPOs require a domain controller, while Azure AD uses modern management approaches:
- Azure AD Join replaces domain join
- Intune/MEM replaces Group Policy
- Azure AD Conditional Access replaces some security policies
For folder redirection and drive mappings, consider these Intune configuration methods:
# Example Intune PowerShell script for drive mapping
# Deploy with the Intune script option "run in the logged-on user's context" so the mapping belongs to that user
$driveLetter = "Z"
$networkPath = "\\fileserver\departments\hr"
# New-PSDrive -Persist creates a real Windows mapped drive (visible in Explorer) that survives logoff;
# -Scope Global keeps it from being removed when the script's own scope ends
New-PSDrive -Name $driveLetter -PSProvider FileSystem -Root $networkPath -Persist -Scope Global
Use Intune's Settings Catalog to configure privacy settings:
- Create new Configuration Profile
- Select "Settings catalog" as profile type
- Search for and configure specific privacy settings
If you need traditional GPOs with Azure AD auth:
# Hybrid Azure AD join prerequisites
1. Azure AD Connect configured
2. Device writeback enabled
3. Organizational Unit configured for computer objects
For Windows 10 privacy configuration:
{
  "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
  "privacyAdvertisingId": "blocked",
  "privacyAutoAcceptPairingAndConsentPrompts": true,
  "startMenuHideRecentJumpLists": true,
  "startMenuHideRecentlyAddedApps": true
}
Remember that full GPO parity isn't available in Azure AD alone - Intune or third-party solutions fill this gap for cloud-managed devices.
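As an added example (not code from either answer above), the following PowerShell function parses `dsregcmd /status` output into a join-state summary, so the Azure AD join check and the hybrid-join case mentioned above can be verified on a fleet without reading the raw output by eye. The function name and the sample output with its placeholder IDs are constructed.

```powershell
# Added example: classify a Windows 10 device's join state from `dsregcmd /status`.
function Get-JoinState {
    param([string[]]$StatusLines = (dsregcmd /status))

    $fields = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd prints "  Name : Value" rows across several sections; keep the first occurrence of each key
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.*?)\s*$' -and -not $fields.ContainsKey($Matches[1])) {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined']   -eq 'YES'
    $domain = $fields['DomainJoined']    -eq 'YES'
    $wpj    = $fields['WorkplaceJoined'] -eq 'YES'

    # Later assignments win: hybrid (AAD + domain) outranks plain AAD, which outranks the others
    $joinType = 'Not joined'
    if ($wpj)              { $joinType = 'Azure AD registered (workplace joined)' }
    if ($domain)           { $joinType = 'Domain joined only' }
    if ($aad)              { $joinType = 'Azure AD joined' }
    if ($aad -and $domain) { $joinType = 'Hybrid Azure AD joined' }

    [pscustomobject]@{
        JoinType    = $joinType
        TenantName  = $fields['TenantName']
        DeviceId    = $fields['DeviceId']
        # A non-empty MdmUrl means the device is enrolled in Intune/MEM
        MdmEnrolled = [bool]$fields['MdmUrl']
    }
}

# Constructed sample of dsregcmd output (placeholder DeviceId) so the function can be exercised offline
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                TenantName : Contoso
                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample   # JoinType: Azure AD joined, MdmEnrolled: True
```

Running `Get-JoinState` with no arguments evaluates the live device; a result of "Azure AD joined" with `MdmEnrolled` false is the usual sign that the device joined but never completed Intune enrollment.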
When shifting from traditional Active Directory to Azure AD, one key difference is the absence of native Group Policy Object (GPO) management. Azure AD operates on a cloud-first model with modern MDM approaches, which requires adapting your administration strategy.
To view your test Windows 10 PC in Azure AD:
- Navigate to Azure Portal (portal.azure.com)
- Go to Azure Active Directory → Devices → All devices
- Filter by Join type = Azure AD joined
You should see your test machine listed with details like OS version and join date.
For traditional GPO settings in Azure AD environments:
Option 1: Azure AD Device Settings
Basic policies can be configured at:
Azure AD → Devices → Device settings
Example settings available:
# PowerShell to check device registration status (MSOnline module; run Connect-MsolService first)
Get-MsolDevice -All | Where-Object { $_.DeviceTrustType -eq "Azure AD Joined" }
Option 2: Microsoft Intune (Recommended)
The complete solution for policy management requires Intune:
- Create configuration profiles in Endpoint Manager
- Target devices using Azure AD groups
- Deploy settings equivalent to traditional GPOs
Sample JSON for OneDrive folder redirection (modern equivalent of GPO):
{
  "@odata.type": "#microsoft.graph.onenoteResource",
  "target": {
    "knownFolderId": "documents",
    "targetPath": "/OneDrive/Documents"
  }
}
For persistent drive mappings without traditional GPOs:
# PowerShell script deployed via Intune (runs as SYSTEM by default, which is what writing under HKLM requires)
$driveLetter = "Z:"
$path = "\\contoso.file.core.windows.net\share"
# Commands stored under the HKLM Run key are executed at every user logon
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Set-ItemProperty -Path $registryPath -Name "MapNetworkDrive" -Value "net use $driveLetter $path /persistent:yes"
Create a custom Intune configuration profile using OMA-URI settings:
./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessLocation
Data type: Integer, Value: 2 (Force deny; 0 = user in control, 1 = force allow)
For hybrid scenarios where some GPOs must remain, consider:
- Azure AD Connect for hybrid identity
- Group Policy Analytics in Intune to convert GPOs
Remember that Azure AD device management represents a paradigm shift - focus on cloud-native solutions rather than trying to replicate exact on-prem behaviors.