Importing AD Group Policies Into Intune Settings Catalog Profiles

...And analyzing GPO readiness for imports and migrations!

...and For Those Who Wanna Learn to Do Other Stuff Good Too!

This post is meant as both a stand-alone guide but also as a Part 2 for Running CIS Assessments for Hardening ( Well, kind of. 

I could have sworn I'd already done a write-up on how to import and migrate GPOs into Intune. But alas, I had not. Originally I was going to just add this as a subsection to my CIS blog post but it ended up being long enough that I reckoned it "deserved" a post of its own. 

So that said! It might be handy for you to read the CIS post before this one. But you don't have to as the logic is the same. 

Export a GPResult.xml file > Import it into Intune. 

Easy peasy!

If you’re not familiar with how GPOs work, then maybe give this post a read: Group Policy Administrative Templates (ADMX): What are they? How are they used?

Let's get this show started

Start with logging into Intune > Select Devices > and Group Policy Analytics in the menu:

Since we’re using CIS Build Kits, there’s no need to generate a Group Policy Report since it’s already there!

If you didn’t find this via my previous CIS post, then generating an xml report is easy! Go into GPMC > Right click the GPO you want to “export” > and Save Report... to export the GPReport.xml.

Alternatively, run this command in PowerShell:

Get-GPOReport -Name "[Target GPO]" -ReportType XML -Path "[Output Path]

Upload the GPReport.xml file and let it process.

Your imported Policy is now ready to be analyzed! Here we can see the MDM support is at 77%. This means that 77% of the policies contained within the object has an Intune equivalent.

Clicking on the percentage, you can see which policies can be imported as well as the CSP mapping. If you’re unsure about this part, then check out my other posts:

The screen below shows which MDMs are supported by CSPs. In this example, "Allow Diagnostics Data" isn't supported. 

Migrating Group Policies Into Intune

Go back to the previous window > Put a checkmark next to the GP you want to migrate > And then Migrate.

 And select the policies you want to migrate into your setting catalog profile. 

Click Next to see your Selection > Next to name the new Profile >  Next for Assignments > and finally Deploy.

And now we have our imported Group Policies in a neat Settings Catalog profile!

Pretty simple, eh?