Group Policy Analytics scripts: import or remove on-prem GPO report in Intune with PowerShell
In this post I will share with you two scripts I created that allows you to directly import a on-prem GPO report to your Intune tenant and also to remove one from intune.
You can also run the script to export GPO report from your on-prem environment and directly import them to Intune.
Context
- You have GPOs on your on-prem environment.
- You have an Intune environment and plan to migrate your GPO to Intune.
- You want to see how to implement each GPO from your on-prem env to Intune.
- You want to see if the on-prem GPO is compatible with Intune and what is the equivalent.
Get the scripts
Click on the GitHub picture below to get the two scripts.
PowerShell, Graph and Group Policy Analytics
In a previous post I explained how to manage Group Policy Analytics with PowerShell.
See the post here.
Now let's see how to automate this.
Import GPO report to intune
The script to use is: New-IntuneGroupPolicyReport.ps1
What does the script ?
With this script you can:
- Export your on-prem GPO to XML report
- Import those XML reports to Intune
How works the script ?
The script is called New-IntuneGroupPolicyReport.ps1
Some parameters are available:
- Export_GPO: export GPO report directly from the AD server
- All_GPO: export all GPOs in XML report. Works with switch Export_GPO
- GPO_Name: name of the GPO to export to XML format
- Domain: Specify the domain FQDN. Works with All_GPO switch
- AD_SRV: Specify the server AD name. Works with All_GPO switch
- XML_Path: Specify the path of the GPO XML report
- Check_Modules: Install required modules (could be slower)
An MS login will invite you to type your Intune credentials, as below:
See below some usage:
I will add some parameters to allow you to automate this without usingg the MS login screen.
Import in action
Export XML and import to Intune
In the below example I run the script from my AD server.
You can find on the Endpoint Manager part, staus before and after.
Import from the XML
In the below example I already have the XML report.
I have no access to Group Policy Management console.
You can find on the Endpoint Manager part, status before and after.
Remove a GPO report from Intune
The script to use is: Remove-IntuneGroupPolicyReport.ps1
What does the script ?
With this script you can:
- Remove a GPO report from the Group Policy Analytics page
How works the script ?
The script is called Remove-IntuneGroupPolicyReport.ps1
To use it, just add the parameter GPO_Name with the name of the GPO report to remove.
An MS login will invite you to type your Intune credentials.
See below some usage:
I will add some parameters to allow you to automate this without usingg the MS login screen.
Remove in action
In the below example I want to remove the GPO report GPO_Computer_Network.
This is the below one from the Endpoint portal part:
See below the portal page after:
Enregistrer un commentaire