This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 32%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Hi
Can someone please give me some advice.
For years we have had our own on premise domain with AD etc.
Recently when renewing licenses with our supplier we were advised to go down the route of Windows 10 Enterprise E3 per user licences rather than our previous per computer licenses.
Now to activate these correctly you have to join the computer to Azure AD rather than as it now to our on-site AD.
I have tested doing this for one user on a test computer to try and get my head around it, and first thing I note is that obviously they then have to sign on using email address e.g. f_bloggs@keyman .com rather than using previous login of fred_b. This is not an issue.
Once logged in the computer shows as activated correctly via a subscription as it should do.
But obviously things such as Group Policies now don't apply which is not something I had thought of or been warned about when sold these new licenses.
Can someone who has been throw this change tell me how I still have my original functionality of group policy settings but still be compliant with the licensing for Windows 10 Enterprise E3 needing Azure AD etc
Thank you very much
Are you using Azure AAD Connect? This will sync your AD accounts to Azure AD so that you can still use your email address that you have always used from on-prem.
Yes we have Azure AAD Connect installed because it was installed when we moved from on-premise Exchange to Exchange Online Plan 1 / Office 365
From reading a bit more since posting it seems what I need is a HYBRID Azure AD, rather than just Azure AD, so that Windows 10 Enterprise E3 subscription will activate with Azure, but so can still use in house resources like Group Policy etc
Does that sound about right?
Yes, that is what we are using.
Thanks I will look at getting that configured then. Any gotchas or things to look out for from someone who is using it?
Hi.
Recommended way is Azure AD Hybrid join. You get all benefits from both worlds in this scenario - you have your computer joined to onprem AD with GPOs etc., but you have your computer also joined to Azure AD, so you can activate your licenses, SSO, Conditional Access etc.