Microsoft's modern management is based on cloud services, such as Autopilot, Azure Active Directory, and Intune. The latter uses Windows' Mobile Device Management interfaces instead of Group Policy to centrally manage PCs. Microsoft introduced a Group Policy Analytics tool in Intune to help migrate on-premises GPOs to policies for the Configuration Service Provider (CSP).

Active Directory Domain Services usually handles traditional client policy management in on-premises environments. However, without a VPN, a hybrid workforce no longer has the line-of-sight network access to a domain controller that this requires.

What is Group Policy Analytics?

Microsoft has been working on bringing feature parity to Intune's cloud-based mobile device management policy settings so companies can shift policy management to the cloud. In addition, the new Group Policy Analytics tool provides easy lift-and-shift migration for on-premises GPOs.

From the imported GPOs, you can then create a Settings Catalog policy. You can use the settings policy to deploy settings to users and devices managed in the organization.

Export an on-premises GPO

To import settings into the Group Policy Analytics tool, we must first export the GPO as an XML file. In the Group Policy Management tool, right-click the Group Policy and select Save Report.

Save Group Policy settings from a GPO to an XML file

Choose XML File in the Save as type field.
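The same export can be scripted for every GPO in the domain. The following is an added example, not part of the original article; it uses the GroupPolicy module's Get-GPO and Get-GPOReport cmdlets. The output folder and the 4 MB per-file size limit are assumptions to adjust and verify against the current Intune documentation.

```powershell
#Requires -Modules GroupPolicy
# Added example: export every GPO in the domain as an XML report, ready for
# import into Group Policy analytics. Run on a machine with RSAT/GPMC installed.
param(
    [string]$OutDir   = 'C:\Temp\GpoReports',  # hypothetical output folder
    [int]   $MaxBytes = 4MB                    # assumed per-file import limit
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$results = foreach ($gpo in Get-GPO -All) {
    # GPO display names may contain characters that are invalid in file names.
    $safeName = $gpo.DisplayName -replace '[\\/:*?"<>|]', '_'
    $path     = Join-Path $OutDir ('{0}_{1}.xml' -f $safeName, $gpo.Id)

    # Equivalent to "Save Report" with type "XML File" in the GPMC.
    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $path

    $file = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Gpo        = $gpo.DisplayName
        Status     = $gpo.GpoStatus            # e.g. AllSettingsDisabled
        Modified   = $gpo.ModificationTime
        File       = $file.Name
        SizeKB     = [math]::Round($file.Length / 1KB, 1)
        Importable = $file.Length -le $MaxBytes
    }
}

# Review before importing: disabled GPOs are usually not worth migrating,
# and oversized reports will need to be handled separately.
$results | Sort-Object SizeKB -Descending | Format-Table -AutoSize
```

The exported reports describe the domain's security configuration, so store the output folder with the same access restrictions as other administrative data.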

Log in to Intune as an administrator or a user with the Security Baselines permissions. Then, navigate to Devices > Policy > Group Policy analytics (preview) > Import.

Import the XML file into the Group Policy Analytics tool

Choose the XML file you saved from the Group Policy Management Console. It will automatically import the file.

Next, the dashboard shows the percentage of MDM support for the imported GPO. It is not yet 100%, because some Group Policy settings currently cannot be migrated. However, the presently available Intune MDM settings include many standard policy settings.

Viewing MDM support from the GPO import

The dashboard displays the migration readiness analysis.

Group Policy migration readiness

If you drill into the MDM support, you will see a granular list of settings from the Group Policy Object that will migrate and those that won't. Then, if you click the Migrate button, it will launch the "Migrate Group Policy Settings to the cloud" wizard.

Granular view of MDM support

Select the settings you want to migrate, or click the Select all on this page button.

Migrating imported Group Policy Settings to Cloud MDM settings

The Configuration page shows the settings included in the migration.

Viewing the configuration of the imported Group Policy Settings

Name the new configuration profile on the Profile info page.

Name the new configuration profile with the GPO settings

You can add scope tags on the Scope tags page if needed. On the Assignments page, you can scope the configuration profile to all users or specific users in your organization. Click the Add groups button to choose your Microsoft 365 groups.

Assign the new configuration profile to users

Finally, review and deploy the new configuration profile containing the migrated Group Policy Object settings.

Review and deploy the new configuration profile with the migrated group policy settings

After you deploy, the new configuration profile appears in the Devices > Configuration profiles section.

Viewing the newly created configuration profile from the Group Policy Analytics import

Wrapping up

Organizations are transitioning to a cloud-focused strategy, including remote client management. The Group Policy Analytics tool helps migrate seamlessly from on-premises GPOs to the CSP-based Microsoft MDM platform.

However, it is worth noting that there are still limitations in the number of MDM settings at present. As a result, many businesses may opt to utilize a combination of GPOs and cloud-based MDM management through solutions such as Microsoft Intune.


© 4sysops 2006 - 2023