Hi All,
Just seeking some general advice for our operation. To better explain I have quickly created the following diagram.
This shows external web/cloud services. Internally, we primarily use Outlook/Excel and some SharePoint. Now that we are expanding, we are looking at opening 2-3 branch offices with only a couple of users. Currently, we have a local AD DC which used to be configured with Exchange / Roaming Profiles; however, as it is aging and licensing was expensive, we simply went to cloud Exchange and kept the DC intact. Most local users have roaming profiles. The part-time/remote users do not and are not domain users. (Most recent PC additions are not either, however most are.) Now that we are expanding, two immediate issues need to be addressed.
1. Better enforced / established group policies for app / permission control
2. Interconnectivity between primary location and satellite locations
3. We are developing an Access DB to reduce file handling / email circulation for some basic info repositories and registers.
I have been in touch with some local SLA providers and they all appear to have a different view on how to handle this scenario. From complete infrastructure replacement, to their hosted infrastructure, to simple Azure VPN devices.
Our margins are not high, so it is hard to justify high infrastructure costs. What I would like to know is if Azure AD can be configured to have group policies and enforce application / file permission control? This won't really solve the local Access DB connection issue; however, there may be alternatives such as ODBC connectors etc.
I guess I am simply trying to avoid VPN tunnels as the reliance on the local DC remains high? I was also thinking, if Azure AD does what we need, there appear to be some inexpensive Windows Server Essentials NAS such as Thecus W5810 etc. Perhaps we can run one of these at each location?
Would love to hear your thoughts. A $20k+ new local SBS/DC is not an option for now.
Thank You