Migrating existing policies from AD – Group Policy management
It’s possible to migrate your existing Active Directory-based group policies into Microsoft Intune. This can be done with the Group Policy analytics feature.
Many businesses that are looking at Microsoft Intune management need a good path to the new modern workplace. The translation of existing policy settings to Intune can be tricky. This service will make life much easier for IT admins. Let me explain in more detail what Group Policy analytics does and how you can use it yourself; it can be found on the Devices blade:
Figure 9.18: Group Policy analytics
- First, make sure to perform an export of your existing policy settings from within your on-premises Group Policy Management console.
- Export the policies by right-clicking and selecting Save Report….
- Save the files somewhere centralized, as we need to upload them to Microsoft Intune:
Figure 9.19: Save the policy report
- In the Microsoft Intune admin center, select Devices | Group Policy analytics.
- Click on Import:
Figure 9.20: Import
- Search for the policy report file you exported:
Figure 9.21: Import the GPO files
NOTE
When you have multiple policies, you can upload them all here, too, for further analysis.
- After the policy analysis has run, the MDM Support column (which also applies to Windows) shows how many of your settings/policies are also available in Microsoft Intune and can be migrated from GPOs to Intune settings on a 1:1 basis:
Figure 9.22: MDM Support
- You will get the information you need to proceed. The GPOs you imported are now all listed with the following information:
  - Group policy name: The name is automatically generated using the information in the GPO.
  - Active Directory Target: The target is automatically generated using the Organizational Unit (OU) target information in the GPO.
  - MDM Support: This shows the percentage of Group Policy settings in the GPO that have the same setting in Intune.
  - Targeted in AD: Yes means the GPO is linked to an OU in on-premises Group Policy. No means the GPO isn’t linked to an on-premises OU.
  - Last imported: This shows the date of the last import.
Figure 9.23: Default Domain Policy
With Group Policy analytics, you import your on-premises GPOs. The tool analyzes your imported GPOs and shows the settings that are also available in Microsoft Intune. For the settings that are available, you can create a Settings Catalog policy and then deploy the policy to your managed devices.
- After you have imported your GPOs, you can select the GPO that you want to migrate to Intune by clicking the Migrate button.
Figure 9.24: Migrating GPOs to Intune
- You need to select the GPO settings that you want to migrate and then click Next:
Figure 9.25: Migrating GPOs to the cloud
These are the settings you’ve identified as necessary to your organization as you move to cloud-based policy management. Configure the setting values as per your organization’s requirements. Where possible, we configured the setting values as per the Group Policy:
Figure 9.26: Migrating GPO settings
- You need to give the new settings catalog profile a name:
Figure 9.27: Migrating profile info
- Continue with the guide to add scope tags and assignments, and then finally deploy the policy. You can skip the assignment and the policy will be created without an active assignment.
Figure 9.28: New browser policy
You have successfully migrated your browser policy and are ready to test it on Intune-managed devices before you deploy the policy at scale.
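The export step at the start of this procedure can also be scripted when there are many GPOs. The following is an added example, not part of the original text: it uses the GroupPolicy module's Get-GPO and Get-GPOReport cmdlets to write one XML report per GPO (Group Policy analytics imports XML reports) and builds an inventory to check before uploading. The folder path and the size threshold are assumptions to adjust for your environment.

```powershell
# Added example: bulk-export every GPO as an XML report for Group Policy analytics.
# Requires the GroupPolicy module (installed with GPMC/RSAT) and read access to the GPOs.
Import-Module GroupPolicy

$ExportDir = 'C:\GPOReports'  # assumption: a central, access-restricted folder
$MaxSizeMB = 4                # assumption: per-file import limit; confirm in current Intune docs

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null

$results = foreach ($gpo in Get-GPO -All) {
    # GPO display names may contain characters that are invalid in file names.
    $safeName = ($gpo.DisplayName -replace '[\\/:*?"<>|]', '_').Trim()
    # Append the GPO GUID so two GPOs with similar names never overwrite each other.
    $file = Join-Path $ExportDir ('{0}_{1}.xml' -f $safeName, $gpo.Id)

    # Write the XML report for this GPO.
    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $file

    $sizeMB = [math]::Round((Get-Item $file).Length / 1MB, 2)
    [pscustomobject]@{
        Gpo       = $gpo.DisplayName
        Status    = $gpo.GpoStatus          # e.g. AllSettingsEnabled / AllSettingsDisabled
        Modified  = $gpo.ModificationTime
        File      = $file
        SizeMB    = $sizeMB
        OverLimit = $sizeMB -gt $MaxSizeMB   # flag reports that may fail to import
    }
}

# Review the inventory, then keep a copy next to the reports for the migration record.
$results | Sort-Object Gpo | Format-Table Gpo, Status, SizeMB, OverLimit -AutoSize
$results | Export-Csv (Join-Path $ExportDir 'gpo-export-inventory.csv') -NoTypeInformation
```

The exported reports describe your full policy configuration, including security settings, so restrict access to the export folder and remove the files once the import is complete.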
This concludes the section on Group Policy analytics, which can help you with your policy migration from on-premises GPOs to Microsoft Intune MDM policies.