It's always more common to see hybrid sceneries, meaning On-premise and on cloud systems. Or just on cloud.
In these systems too, obviously, it's necessary to activate these policies used in on-premise systems.
But what accesses should you supply? Especially to who still isn't part of this organization?