Here it depends. Is AD in Azure? This privacy statement seems to indicate that Microsoft has full access to your data and that it’s just company policy that keeps them out.
If your servers are on site and firewalled, then Microsoft would need some sort of remote access tool that tracks each server. This means that on-site licensing and patching needs to be done. I can’t think of any other service off the top of my head, but I’m only a desktop engineer.
Here it depends. Is AD in Azure? This privacy statement seems to indicate that Microsoft has full access to your data and that it’s just company policy that keeps them out.
If your servers are on site and firewalled, then Microsoft would need some sort of remote access tool that tracks each server. This means that on-site licensing and patching needs to be done. I can’t think of any other service off the top of my head, but I’m only a desktop engineer.