My understanding is that if you're using Microsoft's Hypervisor product, the management console allows you to seamlessly deploy either to a VM on local hosts or in the Azure cloud (presumably through a VPN). I imagine that makes it easy to spin up those extra windows machines and licenses you need to support all the extra Active Directory add-ons you can get (inventory management, update management, SQL server to handle their data, etc) on Azure rather than procuring more hardware.