How to Use Group Policy Analytics in Intune Portal | Endpoint Manager

In this blog I will show you how you can use the Group Policy Analytics option in Intune. Group Policy Analytics is a very handy feature that can analyze your on-premises GPO’s. If your organization is still having an hybrid environment you are most likely still using Active Directory and group policies. I see quite a lot of customers wondering how do we translate the settings, which we have configured through group policies, into a solution like Intune. The Group Policy Analytics feature can help you and gives you a good idea which GPO settings are also available in Intune.

So, let’s get started. First you need to export a group policy (gpo) as a XML file. I won’t show you how to export a group policy. I assume that everyone knows how to export a group policy. Sign in to the Microsoft Endpoint Manager admin Center. You can use this link: https://endpoint.microsoft.com/.

Now navigate to Devices>Group Policy analytics (preview) and choose Import.

Click on the “Folder” icon and browse to the folder where you have placed the exported group policy, xml file.

Intune will automatically analyze the GPO settings in the XML file and will give the status “Import Completed” after completion. After importing the XML file you can close the screen with X located in the right upper corner.

The imported GPO shows a lot of interesting information. :

1. Group Policy name: The name is automatically generated using information from the imported GPO.
2. Active Directory Target: The target is automatically generated using the organizational unit (OU) target information from the imported GPO.
3. MDM Support: Shows the percentage of group policy settings in the GPO that have the same setting in Intune. In the case of my imported policy, a percentage of 33% corresponds to settings that are also available within Intune.
4. Targeted in AD: Yes means the GPO is linked to an OU in an on-premises group policy. No means the GPO isn’t linked to an on-premises OU. I haven’t linked my GPO to any OU at this moment.
5. Last imported: Shows the date when the GPO was imported.

When looking at “MDM Support” it will show you the percentage of supported group policy settings in the GPO that have the same setting in Intune. Click on the MDM Support percentage for a list with more detailed information. I’m not going to explain all the settings, but I’ll just highlight a few.

1. Setting Name: The name is automatically generated using information from the imported GPO.
2. Group Policy Setting Category: Shows the setting category for GPO (ADMX) settings
3. MDM Support: Yes means there’s a matching setting available in Intune. You can configure this setting in a “Device Configuration Profile“. And no of course means that there is no matching setting and no mapping can be made to Intune.

You can also use the Group Policy Migration Readiness Report to get more information. This option can be found under Report>Group policy analytics (preview). I will not discuss this topic further in this blog, but if you want more information about imported GPOs, you can go there.