AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam

Eager to master hybrid server management? Discover how to administer Windows Server Hybrid Core Infrastructure on Azure, setting your path towards the Microsoft Certified: Azure Hybrid Infrastructure Administrator Associate certification!

Implement Group Policy in Microsoft Entra Domain Services

Manage Group Policy Objects in Azure AD DS

Group Policy Objects (GPOs) play a vital role in managing Windows configurations and security settings for domain-joined devices. In Azure AD DS, administrators use the Group Policy Management Console (GPMC) on a VM joined to the managed domain to create and edit GPOs. The GPO definition files reside in the SYSVOL share, which replicates across all domain controllers in the managed domain. This setup ensures that policies are consistently applied and updated throughout your environment.

To configure and link GPOs, open the GPMC and create a new GPO or import an existing one. Next, link the GPO to the target Organizational Unit (OU) where the affected users or computers reside. By adjusting the link order, you can control which settings take precedence when multiple GPOs apply to the same OU. After linking, run gpupdate /force on client machines to immediately apply the new or updated policies.

Applying security and WMI filters helps you target specific objects for policy enforcement. Use the Delegation tab on a GPO to assign the Read and Apply group policy permissions to user or computer groups. WMI filters let you run queries based on device properties, such as OS version or installed RAM. For example, you can create a filter that only applies a GPO to machines running Windows Server 2022. Common WMI filter criteria include:

  • Operating system name (e.g., Windows Server 2022)
  • Physical memory (e.g., at least 8 GB)
  • Processor architecture (e.g., 64-bit)

Verifying that policies are processed correctly is key to troubleshooting. You can use the Resultant Set of Policy (RSOP) snap-in to view applied settings for a user or computer. The gpresult command provides a quick summary in the command line, showing which GPOs were applied or denied. Azure AD DS also writes policy processing events to the Application and System logs, which you can review in the Event Viewer. Checking these logs helps you identify errors or conflicts in your GPO deployment.
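
The steps above, from creating and linking the GPO through filtering and verification, as an added PowerShell example that is not part of the original study guide. The GPO name, OU path, domain name and group name are placeholder assumptions; the cmdlets come from the GroupPolicy module that ships with the Group Policy Management tools.

```powershell
# Added example. Placeholder names below are assumptions, not values from the page.
$GpoName  = 'Baseline-Server2022'
$TargetOu = 'OU=Servers,DC=aaddscontoso,DC=com'   # custom OU in the managed domain
$Group    = 'Tier1-Servers'                       # group holding the computer accounts

# --- On the management VM (GPMC / GroupPolicy module installed) ---
Import-Module GroupPolicy

# Create the GPO and link it. Link order 1 is processed last, so it wins conflicts.
$gpo = New-GPO -Name $GpoName -Comment 'Server 2022 baseline'
New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes -Order 1 | Out-Null

# Security filtering: grant Apply to the group, reduce Authenticated Users to Read
# (computers must still be able to read the GPO for it to process).
Set-GPPermission -Guid $gpo.Id -TargetName $Group -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# --- On a target server, elevated ---
# WQL for the three criteria listed above. A WMI filter passes when its query
# returns at least one instance, so each query can be dry-run locally before it
# is pasted into a WMI filter in GPMC.
$wmiQueries = [ordered]@{
    # Build 20348 is Windows Server 2022; ProductType 3 = member server
    'OS is Windows Server 2022' = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "10.0.20348%" AND ProductType = 3'
    # TotalPhysicalMemory is in bytes and reports slightly under the installed
    # size, so compare against 8e9 rather than 8 GiB (8589934592)
    'RAM at least 8 GB'         = 'SELECT * FROM Win32_ComputerSystem WHERE TotalPhysicalMemory >= 8000000000'
    '64-bit processor'          = 'SELECT * FROM Win32_Processor WHERE AddressWidth = 64'
}
foreach ($name in $wmiQueries.Keys) {
    $match = @(Get-CimInstance -Namespace 'root/cimv2' -Query $wmiQueries[$name])
    '{0,-28} {1}' -f $name, $(if ($match.Count) { 'PASS' } else { 'FAIL' })
}

# Refresh policy, then confirm the GPO is listed as applied (or filtered out).
gpupdate /target:computer /force | Out-Null
gpresult /r /scope:computer | Select-String -SimpleMatch $GpoName -Context 3, 0
```

The context lines printed by the last command show which gpresult section the GPO name falls under, which distinguishes an applied GPO from one removed by security or WMI filtering.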

Conclusion

In this section, you learned how to manage Group Policy Objects in Azure AD DS by using the Group Policy Management Console on a domain-joined VM. You practiced creating and linking GPOs to specific Organizational Units, and you understood how link order affects policy precedence. You also saw how to apply security and WMI filters for targeted policy application, ensuring only the right users or devices are affected. Finally, you explored verification methods like RSOP, gpresult, and Application and System logs to confirm that policies are processed as expected. These skills are crucial for maintaining consistent and secure configurations across your managed domains in Azure AD DS.