Hi everyone again! Have you ever thought about migrating your on-premise GPO to Intune? What if you have hundreds or thousands of settings you need to recreate? Is it a showstopper from migration from on-premise AD to Azure AD and Intune? Not really. Let me show you today one of Intune tools – Group Policy Analytics in Microsoft Endpoint Manager.
Group Policy analytics can analyze your exported settings from Active Directory GPO and show you settings you can (or can’t) reproduce with Intune. Then you can migrate analyzed settings to Intune and deploy them on enrolled devices.
First, we need to export settings from Active Directory. Go to Group Policy Management console and find Group Policy Objects. You can use Back Up or Save Report option. Click on GPO you want to export and choose Save Report option:
Then select Save as a file: XML File:
After successful export one ore more GPOs go to Microsoft Endpoint Manager, select Devices – Group Policy analytics (preview). Click Import and browse GPOs you want to analyze:
Choose one ore more and click Open. Wait until import completed and close the window. After the import you see Group policy name, MDM support in percentage means how many policies you can reproduce/migrate to Intune and Targeted in AD – Yes/No – means if imported GPO is targeted in Active Directory on Organization Unit. Unknown settings show policies that can’t be analyzed:
When you sort by MDM support you see GPO that you can’t migrate to Intune:
Or you definitely can:
Click on the MDM support percentage of specific policy and you will see more detailed information:
MDM support – Yes means there is matching setting available in Intune and you can create this policy manually or migrate from GPO. MDM support – No means there is no matching setting available in Intune and you can’t reproduce this policy.
Value shows different values as it configured in imported GPO and should be like Enabled, Disabled, true, false or value of the setting:
Scope column shows the target in Active Directory – users or computers. Min OS version – minimum OS version this setting can be applied for.
The summary that should be also helped before the making a decision you can find in Reports – Group policy analytics (preview):
Here you should see a total number of settings in analyzed GPOs, number of settings you can and can’t migrate.
For a detailed information go to Reports – Group policy migration readiness:
Generating detailed report should take some time, then you see detailed information about every single setting if it’s ready for migration or not:
You can also filter settings by Migration Readiness to see if there is something critical you must have in Intune:
Click Generate again to get filtered report:
After analysis we can migrate supported settings from GPO to Intune. Go to Devices – Group Policy analytics (preview) again, then choose a GPO you want to migrate to Intune and click Migrate:
On the Settings to migrate page you can choose all of the supported settings (unsupported or deprecated settings are greyed out) in this GPO or just some of them:
Click Next. On the Configuration page review the settings you want to migrate and click Next. On the Profile page assign a name of the configuration profile and click Next. On the Assignments page you can target groups or you can do it later. Click Next, then click Deploy:
You can find created settings in Devices – Configuration profiles. In Configuration settings you should see settings you successfully migrated from GPO: