GPOs “as-a-Service”

By Cassa Niedringhaus Posted October 14, 2019

The Group Policy Object (GPO) of the Microsoft® Active Directory® (AD) platform has been a crucial tool for IT admins for decades. But, with the shift of IT to the cloud, some are wondering how they can leverage GPOs-as-a-Service to accompany their growing SaaS profiles. 

Traditional Group Policy Objects 

A Microsoft construct, GPOs are templated commands and scripts admins can use to control systems and policies en masse from a central location. They’re a core method for the automation of Windows® system management, and they help IT admins manage at scale.

They serve an essential security function in enabling or disabling features across a company’s Windows systems, too. Using GPOs, admins can, for example, prohibit removable media drives, set password policies or limit control panel access.

GPOs’ Drawbacks

Unfortunately, there are two major drawbacks with traditional GPOs. For one, they only effectively apply to Windows systems, and admins hoping to apply them to Mac® and Linux® systems have to put in far more legwork to configure their non-Windows system policies. 

The other downside is that they can only be used from on-prem Active Directory servers — a challenge for companies that are growing in mobile and cloud functions and moving to serverless operations. 

GPOs from the Cloud 

Modern organizations need their system management to be swift and to apply to all systems, whether they are Windows, Mac, or Linux. That’s why the concept of GPOs as-a-Service are a hot commodity. Employees and organizations can choose the systems that work best for them, and IT admins can respond with ease.

JumpCloud® Directory-as-a-Service® features cross-platform, GPO-like functionality, called Policies. With Policies, admins have similar levels of control over their entire fleet, regardless of operating system, and they unlock the ability to automate system management as necessary. Plus, admins can do all that work through the cloud, no server needed, which means they can reduce or eliminate their on-prem infrastructure without losing functionality.

JumpCloud provides a library of system policies from which admins can choose and bind to various groups — whether it’s a specific department’s personnel, all Mac users, all systems, or another system group. 

For example, on Mac systems, admins can employ a lock screen timeout after a custom number of seconds or disable Siri. JumpCloud offer hundreds of policies for Windows as well. Admins can also build scripts and commands for custom policies outside the library.

Beyond that, JumpCloud has policies for FileVault (Mac) and BitLocker (Windows) to enforce full disk encryption, an important industry standard for security. 

Learn More

Policies are just one function of Directory-as-a-Service, which, at its core, securely manages and connects users to their Windows, macOS, and Linux systems; on-prem and web applications via LDAP and SAML; physical and virtual file servers (e.g. Box, G Drive, Samba-based; and VPN and WiFi networks through RADIUS regardless of platform, protocol, provider, and location.

Are you interested in finding out how the concept of GPOs-as-a-Service can work for your enterprise? Contact us or try them out on up to 10 users and 10 systems for free, forever. 

You can also watch this video from our Build-Your-Own-Directory course to learn how to configure password settings; configure new policies for Mac, Linux, and Windows systems; bind policies to a system group; apply new policies; and more in the JumpCloud platform.

Cassa Niedringhaus

Cassa is a content writer at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she’s not at work, she likes to hike, ski and read.

Recent Posts