Managed GPOs (Group Policy Objects)

Written by Jon Griffin on January 30, 2018

GPOs (Group Policy Objects) have become an invaluable part of the Microsoft Active Directory® (AD) platform. Using GPOs, IT admins have been able to manage their Windows fleet with policies that cover security settings, connecting to internal file servers and printers, configuration settings, and more. The limitation of these GPOs, though, is that they are only really functional for on-prem Windows devices. This is in stark contrast with the current trend of moving everything to the cloud and allowing employees to use Mac and Linux devices. As a result, many admins are searching for a new solution. With the world shifting to the cloud, is there a managed GPO (Group Policy Objects) solution that supports cross-platform environments and is delivered from the cloud?

Understanding the Limitations of GPOs

Before looking into cloud-based solutions, we should start by examining more closely why many admins are moving away from GPOs. The main reason is the simple fact that GPOs are native to Active Directory and are a proprietary Microsoft construct. When Microsoft introduced AD and GPOs back in 1999, they were implemented in an entirely Microsoft environment. This made it easy for them to connect with all of the other Microsoft IT resources in the office. As time went on and other companies began providing competing solutions, Microsoft did not adapt to them. Instead of creating new ways to help manage the Mac and Linux systems and web applications being introduced to the environment, AD remained closed off and focused on Microsoft solutions.

In order to work within the limitations of Active Directory, admins pushed to keep their organizations as Microsoft-centric as possible. This became known as the Microsoft lock-in strategy. However, admins could not fight off the end users forever. Today you see companies with a large percentage of users on either Mac or Linux systems, not to mention the web applications and cloud infrastructure that nearly every organization employs. Many solutions have emerged to help connect some of these tools back to AD, but with each one came another product that had to be purchased, set up, managed, and more. That just meant more complexity for the admins. This struggle is something that admins have been dealing with for years, and with that challenge in mind, it is easy to understand the desire to find a managed GPO solution that works for the cloud and cross-platform environments.

One idea that many admins have considered is using Azure Active Directory (AAD) as a cloud GPO provider, but unfortunately that solution does not handle GPOs. AAD does intend to support GPOs, but it isn’t exactly clear whether it would be a replacement for the on-prem AD GPOs or not since Azure AD is not a replacement for AD. It seems more likely that Azure AD GPOs are meant for Azure-hosted Windows devices, with regular on-prem AD GPOs for the rest.

So, for organizations that may still be 100% Microsoft Windows, the Microsoft-centric approach to GPOs may work. For multi-platform, heterogeneous environments, a different approach is going to be needed.

Finding a Solution with Managed GPOs

Now that we know why a new solution is needed, it’s important to figure out what the ideal managed GPO solution looks like. When preparing for the future of the IT environment, the ideal approach is to set policies, execute commands, and run scripts on a fleet of systems from a cloud-based systems management platform. This is essential because it reduces the amount of on-prem hardware and makes it easier to connect to other cloud-based resources. On top of that, this platform must also have the ability to run tasks/commands/policies against cross-platform environments and have detailed audit logging and information.

With this setup, IT admins would be able to control and secure their cross-platform environment from one central console. Compared to the alternative of using Active Directory for their Windows machines and other tools for their Mac and Linux systems, that would be a breeze. When you add in the fact that from one integrated SaaS platform, IT organizations could manage users as well as systems, the decision becomes obvious. So, where are the managed GPOs that admins are looking for?

Managed GPOs with Directory-as-a-Service®

These managed GPOs are emerging with a new cloud-based directory called JumpCloud Directory-as-a-Service (DaaS). With the DaaS offering, admins can enforce Policies and Commands against a whole network of cross-platform devices, and it’s all done from the cloud. No longer is a third-party solution needed to manage Mac and Linux systems, control access to web applications, attach a cloud RADIUS server, and more. The unified cloud directory is built for the modern IT environment, and has a managed GPO-like approach to systems management without the need for AD.

Don’t believe us? See it for yourself by signing up for a free account of the virtual directory. We offer 10 users free forever so you can set up your own test environment and see the managed GPOs as well as the other features for yourself. Make sure you reach out to the JumpCloud team if you have any questions or if you would like to see a demo!

Jon Griffin

Jon Griffin works as a writer for JumpCloud, an organization focused on bringing centralized IT to the modern organization. He graduated with a degree in Professional and Technical Writing from the University of Colorado Colorado Springs, and is an avid learner of new technology from cloud-based innovations to VR and more.
