We run a small business and have begun to use Azure AD to manage our users. Our Windows 10 workstations are connected to the Azure domain via the "Connect to work or school" setting, and that works nicely.
The problem is we have a couple of Windows Server 2016 installations in the office. Currently they are set up with local admin accounts, and people log in as those in order to administer them.
What we really want is to be able to grant admin rights to our Azure AD users and allow them to log in to the server with their regular Azure AD credentials.
What is the equivalent of "Connect to work or school" for Windows Server 2016? How do we allow Windows Server to grant admin rights to specific AD users?
I have seen Azure AD Connect, but that seems to require us to set up AD locally and sync it with Azure. I'm concerned, if this is the solution, that it will complicate our admin load. We are just looking for a really simple solution. If Azure AD Connect is the answer, what is the simplest way to set it up to achieve the most basic on-site server administration for Azure AD users?
In this case (for Windows Server), even though you have successfully synced your on-premises computer account into Azure AD using AAD Connect, you can't control who can or cannot manage the server the way you would on-premises, or even allow an AAD user to log in.
Take a look at Azure AD DS - https://azure.microsoft.com/en-us/services/active-directory-ds/
If you have these servers in your on-premises environment, it will require some networking (a VPN) to be configured. AAD DS has limitations, but if you only need it for managing security and domain join, and do not require large directory structures, GPOs etc., it will be enough.
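To make the answer above concrete, here is an added PowerShell example (editor's code, not from the question or the answer) of what the "domain join plus admin rights" part of the Azure AD DS route looks like on the server itself. It assumes the managed domain is reachable from the office over the VPN the answer mentions and that the server's DNS client already points at the AAD DS DNS addresses. The domain name `aadds.contoso.com`, the NetBIOS name `AADDS` and the group `Server Admins` are hypothetical placeholders.

```powershell
# Added example, not part of the original question or answer.
# Joins a Windows Server 2016 host to an Azure AD DS managed domain and grants local
# admin rights to an Azure AD group. Run in an elevated PowerShell 5.1 session on the server.
# Hypothetical values (replace with your own):
#   $DomainName  - the managed domain created in Azure AD DS
#   $NetBiosName - its NetBIOS name (shown on the AAD DS blade in the portal)
#   $AdminGroup  - an Azure AD security group whose members should administer this server
$DomainName  = 'aadds.contoso.com'
$NetBiosName = 'AADDS'
$AdminGroup  = 'Server Admins'

function Test-ManagedDomainReachable {
    param([string]$Domain)
    # The DC locator SRV record only resolves through the AAD DS DNS servers, so a
    # failure here means the VPN or DNS client configuration is wrong, not the credentials.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
        Write-Host "Managed domain DCs: $($srv.NameTarget -join ', ')"
        return $true
    } catch {
        Write-Warning "Cannot resolve $Domain : $($_.Exception.Message)"
        $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses -join ', '
        Write-Warning "Current DNS servers on this host: $dns"
        return $false
    }
}

function Join-ManagedDomain {
    param([string]$Domain)
    # The join account must be a managed-domain user whose password hash has synced to
    # AAD DS (cloud-only users have to change their password once after AAD DS is enabled).
    $cred = Get-Credential -Message "Account used to join $Domain (e.g. user@contoso.com)"
    Add-Computer -DomainName $Domain -Credential $cred -Force -Restart
}

function Grant-ServerAdmin {
    param([string]$NetBios, [string]$Group)
    # Run after the post-join reboot. Granting the right to a domain group instead of to
    # individual users keeps "who is an admin here" an Azure AD group-membership question
    # rather than a per-server edit, which is the admin-load concern in the question.
    $member = "$NetBios\$Group"
    $already = Get-LocalGroupMember -Group 'Administrators' | Where-Object Name -eq $member
    if (-not $already) {
        Add-LocalGroupMember -Group 'Administrators' -Member $member
    }
    # Show the resulting membership so the change can be verified.
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
}

# Usage, in two sessions separated by the reboot that Add-Computer -Restart triggers:
if (Test-ManagedDomainReachable -Domain $DomainName) {
    Join-ManagedDomain -Domain $DomainName
}
# ...after the reboot, logged in with a domain account that can edit local groups:
# Grant-ServerAdmin -NetBios $NetBiosName -Group $AdminGroup
```

Members of the built-in Azure AD DS group "AAD DC Administrators" are made local administrators on machines joined to the managed domain automatically, but that group also carries rights over the managed domain itself; a dedicated group such as the hypothetical `Server Admins` above is the least-privilege way to give a few people admin on two office servers without also letting them manage the directory.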