Group Policy Analytics in Microsoft Endpoint Manager

Hi everyone again! Have you ever thought about migrating your on-premise GPO to Intune? What if you have hundreds or thousands of settings you need to recreate? Is it a showstopper from migration from on-premise AD to Azure AD and Intune? Not really. Let me show you today one of Intune tools – Group Policy Analytics in Microsoft Endpoint Manager.

Group Policy analytics can analyze your exported settings from Active Directory GPO and show you settings you can (or can’t) reproduce with Intune. Then you can migrate analyzed settings to Intune and deploy them on enrolled devices.

First, we need to export settings from Active Directory. Go to Group Policy Management console and find Group Policy Objects. You can use Back Up or Save Report option. Click on GPO you want to export and choose Save Report option:

Then select Save as a file: XML File:

After successful export one ore more GPOs go to Microsoft Endpoint Manager, select Devices – Group Policy analytics (preview). Click Import and browse GPOs you want to analyze:

Choose one ore more and click Open. Wait until import completed and close the window. After the import you see Group policy name, MDM support in percentage means how many policies you can reproduce/migrate to Intune and Targeted in AD – Yes/No – means if imported GPO is targeted in Active Directory on Organization Unit. Unknown settings show policies that can’t be analyzed:

When you sort by MDM support you see GPO that you can’t migrate to Intune:

Or you definitely can:

Click on the MDM support percentage of specific policy and you will see more detailed information:

MDM support – Yes means there is matching setting available in Intune and you can create this policy manually or migrate from GPO. MDM support – No means there is no matching setting available in Intune and you can’t reproduce this policy.

Value shows different values as it configured in imported GPO and should be like Enabled, Disabled, true, false or value of the setting:

Scope column shows the target in Active Directory – users or computers. Min OS version – minimum OS version this setting can be applied for.

The summary that should be also helped before the making a decision you can find in ReportsGroup policy analytics (preview):

Here you should see a total number of settings in analyzed GPOs, number of settings you can and can’t migrate.

For a detailed information go to Reports – Group policy migration readiness:

You can also filter settings by Migration Readiness to see if there is something critical you must have in Intune:

Click Generate again to get filtered report:

After analysis we can migrate supported settings from GPO to Intune. Go to Devices – Group Policy analytics (preview) again, then choose a GPO you want to migrate to Intune and click Migrate:

On the Settings to migrate page you can choose all of the supported settings (unsupported or deprecated settings are greyed out) in this GPO or just some of them:

Click Next. On the Configuration page review the settings you want to migrate and click Next. On the Profile page assign a name of the configuration profile and click Next. On the Assignments page you can target groups or you can do it later. Click Next, then click Deploy:

You can find created settings in Devices – Configuration profiles. In Configuration settings you should see settings you successfully migrated from GPO:

Happy deployment!

Share:

Facebook
Twitter
LinkedIn
Picture of Ievgen Liashov

Ievgen Liashov

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 024
Cyber Security

WME Security Briefing 28 August 2024

GhostWrite Vulnerability in T-Head CPUs Exposes Devices to Unrestricted Access Overview A critical architectural flaw in T-Head’s XuanTie C910 and C920 RISC-V CPUs was uncovered by recent research from the CISPA Helmholtz Center for Information Security. Dubbed GhostWrite, the vulnerability

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=