
The scenario here is trying to use the AADDS as it is and not syncing anything from an on-premise location.

 

With VMs joined to this AADDS, I want to be able to have normal users log in to take care of day-to-day tasks, but I don't want to have to add them to the AAD DC Administrators Azure Security group to let them in. This gives those normal users more permissions than they should have.

 

There doesn't seem to be anything to allow this from the Azure AD side of things, and enabling a group policy for Remote Desktop Users does not work either. It is unclear what is stopping this from working, and so far I cannot find information that states this idea to be completely impossible either.

 

If anyone has any suggestions or information that could help I would greatly appreciate it!
