Group Policy Analytics in Microsoft Endpoint Manager

Hi everyone again! Have you ever thought about migrating your on-premises GPOs to Intune? What if you have hundreds or thousands of settings you need to recreate? Is it a showstopper for migrating from on-premises AD to Azure AD and Intune? Not really. Let me show you today one of the Intune tools – Group Policy Analytics in Microsoft Endpoint Manager.

Group Policy analytics can analyze your exported settings from Active Directory GPO and show you settings you can (or can’t) reproduce with Intune. Then you can migrate analyzed settings to Intune and deploy them on enrolled devices.

First, we need to export settings from Active Directory. Go to the Group Policy Management console and find Group Policy Objects. You can use the Back Up or Save Report option. Click on the GPO you want to export and choose the Save Report option:


Then select Save as a file: XML File:
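With many GPOs, the same XML reports can be produced in bulk from PowerShell. The script below is an added example, not part of the original post: it exports every GPO with `Get-GPOReport` and writes a summary showing which GPOs are actually linked in AD and how large each report is. The output folder and the 4 MB size threshold are assumptions; check the current Intune documentation for the import limit.

```powershell
# Added example: bulk-export every GPO in the domain as an XML report.
# Requires the GroupPolicy module (RSAT / Group Policy Management feature).
Import-Module GroupPolicy

$OutDir   = 'C:\Temp\GpoReports'   # hypothetical output folder
$MaxBytes = 4MB                    # assumed per-file import limit; confirm before relying on it

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$summary = foreach ($gpo in Get-GPO -All) {
    # GPO display names may contain characters that are invalid in file names
    $safeName = $gpo.DisplayName -replace '[\\/:*?"<>|]', '_'
    $path     = Join-Path $OutDir "$safeName-$($gpo.Id).xml"

    # Same report as GPMC "Save Report" with the XML File type
    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $path

    # The report lists every container the GPO is linked to under <LinksTo>
    [xml]$report = Get-Content -Path $path -Raw
    $links = @($report.GPO.LinksTo | Where-Object { $_ })
    $size  = (Get-Item $path).Length

    [pscustomobject]@{
        Name      = $gpo.DisplayName
        GpoStatus = $gpo.GpoStatus
        IsLinked  = $links.Count -gt 0
        LinkedTo  = ($links.SOMPath -join '; ')
        SizeKB    = [math]::Round($size / 1KB, 1)
        TooLarge  = $size -gt $MaxBytes
        File      = $path
    }
}

# Unlinked GPOs sort first: they apply to nothing today and may not need migrating
$summary | Sort-Object IsLinked, Name |
    Format-Table Name, IsLinked, SizeKB, TooLarge -AutoSize
$summary | Export-Csv -Path (Join-Path $OutDir 'gpo-export-summary.csv') -NoTypeInformation
```

The exported reports describe your full policy configuration, so keep the output folder access-restricted and delete it once the import is done.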


After successfully exporting one or more GPOs, go to Microsoft Endpoint Manager and select Devices – Group Policy analytics (preview). Click Import and browse to the GPOs you want to analyze:


Choose one or more and click Open. Wait until the import completes and close the window. After the import you see the Group policy name; MDM support, a percentage showing how many policies you can reproduce/migrate to Intune; and Targeted in AD (Yes/No), which shows whether the imported GPO is targeted at an Organizational Unit in Active Directory. Unknown settings shows policies that can’t be analyzed:

When you sort by MDM support you see the GPOs that you can’t migrate to Intune:

Or you definitely can:

Click on the MDM support percentage of a specific policy and you will see more detailed information:

MDM support – Yes means there is a matching setting available in Intune and you can create this policy manually or migrate it from the GPO. MDM support – No means there is no matching setting available in Intune and you can’t reproduce this policy.

Value shows the value as it is configured in the imported GPO and should be something like Enabled, Disabled, true, false or the value of the setting:

The Scope column shows the target in Active Directory – users or computers. Min OS version is the minimum OS version this setting can be applied to.

A summary that should also help before making a decision can be found in Reports – Group policy analytics (preview):

Here you should see the total number of settings in the analyzed GPOs and the number of settings you can and can’t migrate.

For detailed information go to Reports – Group policy migration readiness:

Generating the detailed report should take some time; then you see, for every single setting, whether it’s ready for migration or not:

You can also filter settings by Migration Readiness to see if there is something critical you must have in Intune:

Click Generate again to get the filtered report:

After analysis we can migrate supported settings from GPO to Intune. Go to Devices – Group Policy analytics (preview) again, then choose a GPO you want to migrate to Intune and click Migrate:

On the Settings to migrate page you can choose all of the supported settings (unsupported or deprecated settings are greyed out) in this GPO or just some of them:

Click Next. On the Configuration page review the settings you want to migrate and click Next. On the Profile page give the configuration profile a name and click Next. On the Assignments page you can target groups or you can do it later. Click Next, then click Deploy:

You can find the created settings in Devices – Configuration profiles. In Configuration settings you should see the settings you successfully migrated from the GPO:

Happy deployment!
