Nicholas,
When you are using an on-premise AD infrastructure that you manage and maintain and then use Azure AD Connect to synch your user accounts into the Azure cloud, you are traditionally doing so in order to leverage the Single Sign-On capabilities that Azure provides for SaaS solutions like Office 365, Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, etc...
There are three versions of the Azure AD solution that can be deployed, depending on the choices that you/your company have made and the "pay-as-you-go" addition of features that you may be consuming, as noted below:
-
Azure Active Directory Basic - Designed for task workers with cloud-first needs, this edition provides cloud-centric application access and self-service identity management solutions. You get features like group-based access management, self-service password reset for cloud applications, and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.
-
Azure Active Directory Premium P1 - adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity, and access management (IAM), identity protection, and security in the cloud. It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
-
Azure Active Directory Premium P2 - includes all the capabilities in Azure AD Premium P1 as well as Identity Protection and Privileged Identity Management. Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. Helps you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict, and monitor administrators and their access to resources and provide just-in-time access when needed.
Regardless of the Azure AD option that your company is using, you DO NOT use Group Policies to manage and control users and / or devices directly within Azure. The way that we accomplish access control to resources is via Group Membership and the use of Security Groups. Take a look at the following URL for a high level discussion of the basic concepts and then you can follow the links on the left hand column of the page to examine more topics as necessary to better understand your options:
"Manage access to resources with Azure Active Directory groups":
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups
You will also want to pay attention to the distinctions for how devices are managed and whether they are Domain Joined or Domain Registered. The following article will give you an overview and again, look to the left hand column navigation area for additional topics as necessary to further refine and understand what you may want to do, and how to accomplish it.
"Introduction to device management in Azure Active Directory":
https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction
Hopefully these articles will help you to start figuring out what you would like to do. Please let me know if I can be of any additional assistance to further clarify, or answer any questions as you continue your research.
Good Luck !!!
Cheers,
Adam