Group Policy Analytics in Microsoft Endpoint Manager

Hi everyone again! Have you ever thought about migrating your on-premises GPOs to Intune? What if you have hundreds or thousands of settings you need to recreate? Is that a showstopper for migrating from on-premises AD to Azure AD and Intune? Not really. Today let me show you one of the Intune tools: Group Policy analytics in Microsoft Endpoint Manager.

Group Policy analytics analyzes the settings you export from Active Directory GPOs and shows which of them you can (or can’t) reproduce with Intune. You can then migrate the analyzed settings to Intune and deploy them to enrolled devices.

First, we need to export the settings from Active Directory. Go to the Group Policy Management console and find Group Policy Objects. You can use the Back Up or Save Report option. Click on the GPO you want to export and choose the Save Report option:


Then save the report as an XML file.
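When there are many GPOs, the same XML reports can be produced in one pass with the GroupPolicy PowerShell module. The script below is an added example, not part of the original post; the output folder and the 4 MB size threshold are assumptions to adjust for your environment.

```powershell
# Added example: export every GPO as an XML report for Group Policy analytics.
# Requires the GroupPolicy module (RSAT / GPMC) and read access to the GPOs.
Import-Module GroupPolicy

$OutDir   = 'C:\Temp\GpoReports'  # assumption: any writable, access-restricted folder
$MaxBytes = 4MB                   # assumption: per-file import limit, check current docs

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$summary = foreach ($gpo in Get-GPO -All) {
    # Strip characters that are invalid in file names; append the GUID so two
    # GPOs with similar names cannot overwrite each other's report.
    $safeName = $gpo.DisplayName -replace '[\\/:*?"<>|]', '_'
    $path     = Join-Path $OutDir ("{0}_{1}.xml" -f $safeName, $gpo.Id)

    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $path

    # The XML report carries one <LinksTo> element per domain/OU/site link,
    # so an empty result means the GPO is not linked anywhere.
    [xml]$report = Get-Content -LiteralPath $path -Raw
    $links = @($report.GPO.LinksTo | Where-Object { $_ })
    $size  = (Get-Item -LiteralPath $path).Length

    [pscustomobject]@{
        Gpo       = $gpo.DisplayName
        File      = Split-Path $path -Leaf
        SizeKB    = [math]::Round($size / 1KB, 1)
        TooLarge  = $size -gt $MaxBytes
        LinkCount = $links.Count
    }
}

# Unlinked GPOs sort first: candidates to retire instead of migrating.
$summary | Sort-Object LinkCount, Gpo | Format-Table -AutoSize
```

The exported reports describe the domain's security configuration in full, so keep the output folder access-restricted and delete the files once they are imported.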


After successfully exporting one or more GPOs, go to Microsoft Endpoint Manager and select Devices – Group Policy analytics (preview). Click Import and browse to the GPOs you want to analyze:


Choose one or more and click Open. Wait until the import completes and close the window. After the import you see the Group policy name; MDM support, a percentage that shows how many of the policies you can reproduce/migrate to Intune; and Targeted in AD (Yes/No), which shows whether the imported GPO is targeted at an Organizational Unit in Active Directory. Unknown settings shows policies that can’t be analyzed:

When you sort by MDM support you see the GPOs that you can’t migrate to Intune:

Or you definitely can:

Click on the MDM support percentage of a specific policy to see more detailed information:

MDM support – Yes means there is a matching setting available in Intune and you can create this policy manually or migrate it from the GPO. MDM support – No means there is no matching setting available in Intune and you can’t reproduce this policy.

Value shows the value as it is configured in the imported GPO, such as Enabled, Disabled, true, false or the value of the setting:

The Scope column shows the target in Active Directory: users or computers. Min OS version is the minimum OS version the setting can be applied to.

A summary that should also help before making a decision can be found in Reports – Group policy analytics (preview):

Here you should see the total number of settings in the analyzed GPOs and the number of settings you can and can’t migrate.

For detailed information go to Reports – Group policy migration readiness:

Generating the detailed report takes some time; afterwards you see, for every single setting, whether it’s ready for migration or not:

You can also filter the settings by Migration Readiness to see if there is something critical you must have in Intune:

Click Generate again to get the filtered report:

After the analysis we can migrate the supported settings from the GPO to Intune. Go to Devices – Group Policy analytics (preview) again, then choose the GPO you want to migrate to Intune and click Migrate:

On the Settings to migrate page you can choose all of the supported settings (unsupported or deprecated settings are greyed out) in this GPO or just some of them:

Click Next. On the Configuration page review the settings you want to migrate and click Next. On the Profile page give the configuration profile a name and click Next. On the Assignments page you can target groups now or do it later. Click Next, then click Deploy:

You can find the created settings in Devices – Configuration profiles. In Configuration settings you should see the settings you successfully migrated from the GPO:

Happy deployment!
