The concept of GPOs (Group Policy Objects) is a critical part of the Microsoft Active Directory® platform. GPOs help IT admins execute tasks across their Windows device fleet. They are meant to help increase security, automate maintenance, and address problems. However, as the IT landscape shifts to the cloud, Active Directory and its GPOs, being on-prem by nature, are starting to fall behind. This has prompted a common question: “Is there such a thing as cloud GPOs?”
Do Cloud GPOs Exist?
Well, it’s important to understand that the concept of GPOs is a Microsoft construct. Microsoft has invested heavily in the Active Directory platform’s capabilities, as well as in Windows APIs and the ability to execute PowerShell commands. But even with this significant investment, Active Directory still remains an on-premises product. Since Active Directory remains a firmly planted on-prem solution, the concept of cloud GPOs doesn’t really make sense. Without a cloud Active Directory, there can be no cloud GPOs.
One common thought is that IT organizations can just switch to Azure Active Directory, and run cloud Active Directory and cloud GPOs from there. Unfortunately, the truth is that Azure Active Directory is not a replacement for the on-prem AD. Not only does Azure not have the functionality to run GPOs in the cloud, but it is also only aimed at your systems hosted in Azure rather than your on-prem systems. This means that it still requires an Active Directory instance to implement, which is quite a painful process in itself.
On top of all that, the concept of GPOs is also relegated to Windows systems only. When you think about what an IT network looks like today, it’s easy to see that it’s no longer the Microsoft-exclusive environment that it used to be. Now, it’s more of a mixture of Windows machines and a great deal of macOS and Linux systems. It’s essential in today’s world to be able to control and manage devices with a cross-platform approach, as opposed to the platform-exclusive model that Microsoft AD has currently. Active Directory doesn’t have
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/cloud-gpos-group-policy-objects/