Migrate imported GPOs to Intune with Group Policy analytics (preview)
Introduction
In our previous blog post, where I wrote about exporting GPOs from Group Policy management on-prem using PowerShell and doing a proper cleanup with Microsoft Graph, I promised you an article about the new migration option within Group Policy analytics (preview). Using this new feature, you can create a Settings Catalog profile based on your imported GPOs and assign the profile to "All devices/All users" or your groups directly from Group Policy analytics (preview) in Intune.
Read about the prerequisites and requirements for Group Policy analytics (preview) and how to use the tool in our original blog post here – Analyze on-premises GPOs with MEM Group Policy analytics (preview).
Migrate GPOs to a Settings Catalog profile
Alright, let’s assume that you have imported all of your GPOs and analyzed the result, and you know precisely which on-prem policies you will transition to Intune. What are your options, then?
Well, before the migration option became available, you would have to search for an equivalent setting in the Endpoint Security blade, Settings Catalog, Administrative Template, or create a Custom profile, which can be a very time-consuming task. So, as mentioned in the introduction, we can now migrate imported GPOs to a Settings Catalog profile and assign "All device/All users" or a group to this profile directly from the Group Policy analytics (preview), which eases the burden a lot compared to doing it manually.
Now, let’s take a closer look at this new migration option.
Go to https://endpoint.microsoft.com
Click Devices | Group Policy analytics (preview)
In the list of your imported GPOs, select the Migrate checkbox next to the GPO you want to include in your Settings Catalog profile.
Note. You can choose to select one GPO or multiple GPOs.
Click Migrate.
From the Settings to migrate page, you can select all settings or search and manually select the settings to transition to Intune. – I chose four random settings for this article.
Important note. As mentioned above, you can migrate multiple GPOs to the same Settings Catalog profile, but the list may include identical settings with different values! – If you choose identical settings with different values, a conflict will occur, and an error will show with the following message:
Conflicts are detected for the following settings: <setting name>. Select only one version with the value you prefer in order to continue.
Click Next.
On the Configuration page, you can review the selected settings and their values.
Click Next.
On the Profile info page, fill in the required Name field. Although the Description field is optional, I would recommend filling it out. – It’s always a great idea to leave some breadcrumbs, so others know precisely why someone created the configuration profile.
Click Next.
Choose either to assign the profile to "All devices/All users" or a group from the Assignments page. – I chose to assign this profile to "All devices", and then I’ve added a filter to only include corporate devices.
Note. You do not have to configure the assignment at this point if your organization is not ready for it.
Click Next.
Please carefully review your configuration on the Review + deploy page and click Deploy.
Important note. Some settings don’t migrate exactly and may use different settings or values. – Read more here
The page will redirect you to an overview of your configuration profiles in Intune, and in the Notifications area, you should see that the migration was successful.
Select the newly created Settings Catalog profile from the overview and scroll down to the Configuration settings area. You will see the settings we chose during the profile creation. Shortly after creating and assigning the profile, the devices should start returning some data to the dashboard within the configuration profile.
Summary
In this article, you learned how to use the new migration option within Group Policy analytics (preview) in Microsoft Endpoint Manager. This new possibility will, without a doubt, ease the burden of migrating on-prem policies to Intune. However, it’s not perfect, and you need to carefully review the settings you selected during the creation of the Settings Catalog profile.
Read more at Microsoft docs about what you need to know.
That’s it, folks. Happy testing!
If you have any questions regarding this topic, please feel free to reach out to us.
Sune Thomsen is based in Denmark, and he is a dedicated IT Consultant at Mindcore with over 19 years of experience in the IT industry. He has spent at least a decade specializing in client management via Microsoft Configuration Manager and Intune.
His key areas:
- Microsoft Intune (i.e., Autopilot, Windows 365, Endpoint Security, etc.)
- Client Management in general
- Application Management
- Cloud transitioning and building solutions toward the cloud
He's a Windows 365 and Windows MVP, an Official Contributor in a LinkedIn group with 41.500 members, and a Microsoft 365 Enterprise Administrator Expert.
Sune is passionate about community work and enjoys sharing his knowledge and experience and inspiring others via our blog. Besides blogging, he also writes newsletters on behalf of the Windows 365 community, does technical reviews for book publishers, and speaks at tech events.
Official Contributor here "Modern Endpoint Management":
https://www.linkedin.com/groups/8761296/