How to Migrate Group Policies into Microsoft Intune!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this session we're going to migrate group policies from Windows Server into Microsoft InTune and it's so easy to do so check it out you're going to learn something [Music] greetings fellow YouTubers it's a Friday how are you my goodness me I've just realized I've been a Microsoft certified trainer for 25 years how scary is that okay so um for any of you out there who have been on my training courses I take my hat off to you and thank you so much for joining me on this journey on today's episode I thought I would take a look at a request from a number of people Microsoft of course in InTune have a tool which allows you to migrate Group Policy settings into Microsoft into now in the past this was always done through Powershell and it was somewhat clumsy but I'm delighted to say it is so much easier now so what we're going to do is I'm going to talk you through the basics of kind of group policy and just a little bit of how it works and then I'm going to talk about preparing the migration report and actually going through the migration itself now if you've not subscribed to my Channel please come on board and help me out only 20 percent of you have subscribed at the moment so come on show me some love uh bum the Subscribe button up there ring that Bell and come on board and join our great learning community and if you enjoy this session as always please bump the like button it does make a difference to my channel now if you've got questions about this or any of my other topics of course just get those down below okay well I think without any further Ado let's jump in have a look at the demos quite a large demo today so I really hope that you enjoy so to begin our journey into Group Policy migration I guess the first thing we need to understand is actually group policies themselves group policies were really first came around in 1995 with Windows 95 and essentially they segment the user portion of the registry as opposed to the computer portion of the registry so for example if you have a group policy setting based on a computer configuration it will affect any user who logs on at that device likewise user configurations affect users irrelevant of the device that they actually log into and you can see it's very much a folder Hive type construction and you can see that in this case I've got a number of different organizational units and you can notice that there are little arrows just to the left of these organizational units now now you'll notice that by default we get a default domain policy of course and that affects every user and it essentially follows that user from device to device uh now um we have a number of different organizational units here and there's one particular one that I want to take a look at so I'm going to expand out my group policy settings and you can see that here I've got a group policy called the windows client client policy and I'm going to go ahead and edit this policy and and you can see here that I've got a specific computer and a user configuration now again just as a quick review you can see that we have both policies and preferences policies are permanently written into the device registry and preferences are not permanently written so they're kind of optional settings if you will so you can say I can come into for example my administrative template policy here and basically what you have here is you have a number of default settings and these are actually created in what we call admx template format and you can go in here and you can configure things like browser settings things like system settings for example you can also configure a popular one is the a start menu and taskbar settings so for example if you wanted to restrict any of the items on that and you can see it's essentially enforcing that or writing that into the registry of that device so the next time that the user logs in this policy would then kick into them so now that we've created our policies the first thing that we want to do is obviously migrate that policy so what you would typically do here you would obviously go into the policy settings and configure it exactly how you want it so the next thing that we want to do is we now want to go ahead and we want to generate a report so to do that really simple you just right click the group policy object and choose to save the report now when you save the report it'll offer a name if you want to change it go ahead and very importantly you just need to click on the drop down arrow and just save that as an XML file so now I'm going to go ahead and click on Save and now that that report is generated I can simply close down the group policy objects and I'm going to go back into my portal now here in InTune I'm going to come into devices and in the devices area we have group policy analytics this tool is so much easier than the previous Powershell now you can see that you can both import group policies and more importantly you can also export them as well I had that question on my channel the other day so just simply import our group policy setting I'm simply going to go ahead I'm going to browse my PC and there it is there is my XML file and I'm going to just import that now so that can take a moment or two just to come in and again likewise as before if you have any scope tags that you've created of course you can add them in as well now for the purpose of this demo I haven't gone ahead and done that so once I'm happy that everything is fine I'm just going to click on next and now you can see that the group policy has indeed come in now uh you'll notice that we have a number of options first of all I've not actually imported it yet all this is done is just simply generate a report and you can see here just there's a little score there it says you currently there is 90 support for those Group Policy settings and so that means any configurations that you've got in your domain environment will come through to your new devices in Azure active directory so that is absolutely awesome so you can go through as you can see the various policy settings here and you can see which policies are supported and which policies are not and this is great because you can then go in so decide whether you is it going to be fine for you you or not you can also see how the policies are actually mapped as well so you can see it talks about the device the value the device ID and also how it's mapping in Azure active directory via InTune as well so this is absolutely awesome so as I've mentioned any scope tags that you've created you can also view these here as well and as I said this is fantastic because you can filter so if you want to filter certain objects or certain pieces of software or certain settings you can do that as well now you'll notice that you can also migrate from there but you can also once you're happy you can migrate from the main portal as well so again this is something that you wouldn't kind of just do on a whim you would obviously plan it carefully you would analyze those settings accordingly so so now that we're ready to go I can simply select the policy and when I'm happy that I either want to import it or export it again I can also click on that migration tool now you can see in the group policy analytics preview it gives you a nice overview as I said it shows me that I've got 90 percent of the settings available and again I can also view the MDM support so you can actually go into the policy itself and it would show you if there were any kind of issues here and in this case you can see that everything's looking pretty good so I'll just go ahead and click on the back button now another issue that you might come across are obviously during the migration process if there are any unknown settings these are for example could be third-party settings third-party apps or something like that that is simply not compatible with uh mobile device management and you can see that you can although we've got the 90 here um you can also go in which you know you can see here you can go in and view that report everything looks uh absolutely fine here you can also see that anything that's got a little triangle uh could indicate that there's a potential problem and of course that that might not be compatible so again that's something that you probably uh want to watch out for um as I said this is something that you wouldn't do on a whim you would go through each of these settings uh kind of Step by Step um when you are ready to migrate you can click on that either the migrate button here or back in the group policy migration tool to be honest it's pretty much the same thing and here you can choose which settings that you actually want to go and migrate now you'll notice here that the incompatible settings are actually grayed out and won't be included here but I'm happy that these will be acceptable to me so I'm going to go ahead and select all of those I'm going to click on next to proceed and now you get a quick overview of all of those settings what you want to do is obviously give the migration job a name so I'm just going to call it client migration I'm being original here you can put in a description and when you're happy I can just go ahead and click on next now if you want to add in any scope tags so for example machine types or anything like that you can do that here now in terms of how to deploy you can add a particular group so if you've got a group of computers if you've got a group of users but in this example I'm only using one device so I'm just going to use everyone because it's just one device so I'm happy I'm going to go ahead and click on next and I'm going to go ahead and confirm that migration so yeah off it goes and as I said depending on the size and the amount of Group Policy settings it might take a little bit of time but generally it's accomplished pretty quick but I mean when you look back a couple of years ago ago when all of this was configurable by Group by Powershell this is so much easier to use I really got to tell you okay so once that migration is actually complete you can just refresh the screen it just takes a couple of minutes to refresh and I can go back in now to the uh devices so if I go into the configuration settings so I'm just going to come down here into my devices and you can see that in here I've got my devices and of course I want to take a look at my configuration settings and you've got a number of different configuration settings here you can you've got a monitor option and you can also see that the policy has now successfully come across you can also import your own admx files in there as well by the way now at the moment my client machine is not logged off and logged back on again so it's they've not been applied at the moment but you can see this is essentially what would happen here so again there's that policy I can go through I can edit the tags I can edit that policy from here I can edit those settings I can choose who I want to deploy this policy to because the fact is it's now in as a configuration profile in Microsoft InTune and as I said if you've got your own admx templates to maybe third-party applications this is awesome because you can also import those as well so there you go so there you have it migrating Group Policy settings across into Microsoft InTune it's not as scary as it looks is it Hey listen I really hope that you enjoyed this session remember you can get documentation on all of this on learn.microsoft.com so definitely go ahead and check that out that's it for this week I really hope you enjoyed the session if you did bump the like button it does make a difference and if you've not subscribed well hell come on board come and join my great learning community and I really do appreciate it and comments questions about this or any of my other sessions just as always get those down below that's it for today I'll see you next time hey thanks so much for dropping by today here's a couple of videos that you may enjoy and while you're here go ahead click on the Subscribe button and you won't miss out foreign [Music]

Info

Channel: Andy Malone MVP

Views: 16,431

Rating: undefined out of 5

Keywords: How to Migrate Group Policies into Microsoft Intune!, Andy Malone MVP, Microsoft 365 Intune device management, MDM, Mobile device management

Id: 5YdLte5spWw

Channel Id: undefined

Length: 15min 8sec (908 seconds)

Published: Fri Jun 30 2023