The plan to move the organization on to a domain-based infrastructure can be achieved using a local domain hosted in an internal network connecting all devices using internal switches and routers and securing the infrastructure, or by using Azure Active Directory, which needs systems to have an active internet connection.
Let's assume you are going with Azure AD and configure AD domain on Azure and public DNS. You also enable:
-- Users can register devices
We wish to introduce domain logins to our company computers. Could someone guide me where to begin as Microsoft documentation is very confusing. What services do I need to look in? The requirements we need:
First and foremost should be to configure the Azure AD settings under the free plan and add users that can access the Azure services such as domain joining etc.
Compare the premium features needed under the different AAD plans and M365.
You can ask users to register the devices using windows 10/11 settings.
https://support.microsoft.com/en-us/account-billing/register-your-personal-device-on-your-work-or-school-network-8803dd61-a613-45e3-ae6c-bd1ab25bf8a8
Employees log in to their W10/11 devices via domain logins (we sync users from Google, so login via e-mail user test@test.com would be what's needed).
You can federate user logons on AAD from GCP Connector using the link below
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial
We need to see the logs of when and which user logged in to a company-owned W10/11 device.
All the logons can be seen in Azure for registered devices, and you can use Intune to control device behavior.
We need to manage those devices a bit, like force BitLocker to be enabled.
https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure
We need to be able to block a user from logging in to a device.
Control user logons and local admins using Azure AD.
We need to be able to give those users Admin permissions on W10/11 devices.
Control local Administrators group membership to control admin rights.
https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin#:~:text=Browse%20to%20Azure%20Active%20Directory,to%20add%20and%20select%20Add.
So, which Microsoft subscriptions should I look into to achieve this? M365? Azure? Something else?
You can compare the required features of Azure AD Premium services and Microsoft 365 plans to better align resources and adapt to the required features.
https://techbento.zendesk.com/hc/en-us/articles/1500000350541-Azure-Active-Directory-Premium-Product-Comparison
https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products
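An added example, not from this thread or from Microsoft: a local audit script for an Azure AD-joined Windows 10/11 device that checks the four requirements above (join state, BitLocker on the OS drive, who holds local admin rights, and recent interactive logons). It assumes an elevated Windows PowerShell 5.1 session with the built-in BitLocker and LocalAccounts modules; the admin allow-list is a constructed placeholder.

```powershell
# Added example: on-device compliance check for an Azure AD-joined Windows 10/11 machine.
# Run elevated in Windows PowerShell 5.1. Not part of the original thread.
#Requires -RunAsAdministrator

# Constructed placeholder allow-list: SID patterns permitted in local Administrators.
# Add your own Azure AD admin SIDs (S-1-12-1-...) here as needed.
$AllowedAdmins = @('S-1-5-21-*-500')   # built-in Administrator only

function Get-AadJoinState {
    # dsregcmd is the built-in tool that reports Azure AD join/registration state.
    $status = dsregcmd /status
    [pscustomobject]@{
        AzureAdJoined = ($status | Select-String 'AzureAdJoined\s*:\s*YES') -ne $null
        DomainJoined  = ($status | Select-String 'DomainJoined\s*:\s*YES') -ne $null
    }
}

function Get-OsDriveBitLockerState {
    # ProtectionStatus should be On and VolumeStatus FullyEncrypted on a compliant device.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{ Protection = $vol.ProtectionStatus; Encryption = $vol.VolumeStatus }
}

function Get-UnexpectedLocalAdmins {
    # Members of the local Administrators group that match none of the allow-list patterns.
    Get-LocalGroupMember -Group 'Administrators' | Where-Object {
        $sid = $_.SID.Value
        -not ($AllowedAdmins | Where-Object { $sid -like $_ })
    }
}

function Get-RecentInteractiveLogons ([int]$Hours = 24) {
    # Security event 4624; LogonType 2 = console, 10 = RDP, 11 = cached console logon.
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d.LogonType -in '2', '10', '11') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
                LogonType = $d.LogonType
            }
        }
    }
}

Get-AadJoinState
Get-OsDriveBitLockerState
Get-UnexpectedLocalAdmins | Select-Object Name, SID, PrincipalSource
Get-RecentInteractiveLogons | Format-Table -AutoSize
```

On an Azure AD-joined device the local Administrators group shows cloud principals by SID rather than name, which is why the allow-list matches on SID patterns.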
Thank you @Jasreet Singh. Digging into this now.
So I recently had the need to move a site's DNS records from their current host (Cloudfair).
I didn't want to use the registrar as their interface is utter trash and transferring it out is not an option at the moment. So I thought I would move the hosting of the records to their Office 365 tenant.
Now though, it appears to be no longer an option. There used to be an option to click "Manage DNS" and one of the options was "Let Microsoft manage your DNS records". You could then change the domain's name servers to ns1.bdm.microsoftonline.com, ns2, ns3 etc. Then add the records and away you went.
This doesn't seem possible any more? I tried speaking to MS support, but they said it's not possible even though I KNOW I did it before.
Am I going mad?
EDIT: Spoke to Microsoft support. It has indeed been removed. Unless you select "use MS name servers" initially, there is no way to move it across later other than removing and re-adding the domain. We're going to use Azure DNS instead. Thanks all