Remotely control domain workstations with Azure AD, SCCM and GPO - best practices

  • Question

  • Hi,

    We have a number of workstations that are domain joined but are floating around the country.  I'm trying to understand best practices for how we can continue to sync GPO updates, password changes, patches, SCCM updates, etc. if they're not connected to any company subnet.  We do have Azure AD and everyone has an Azure AD/O365 identity.  

    Basically, trying to figure out if there's a way for Azure AD to treat these stations like they're still joined to the domain, no matter where they're at.  So long as they're logged in with their O365 account.  Obviously, a part of the question is whether the internet is too insecure for this kind of connectivity.

    I'm seeing articles on how to remotely push a GPO update but that just seems to be when a computer is on a domain-linked subnet.  I have seen configuration options for workstations to reach SCCM or WSUS if they're on the internet.

    Any links to good articles or whitepapers would be greatly appreciated.

    - Ron

    ---------- Ron Bass

    Thursday, September 26, 2019 7:41 PM

All replies