Loading...

Group Policy Analytics scripts: import or remove on-prem GPO report in Intune with PowerShell


In this post I will share with you two scripts I created that allows you to directly import a on-prem GPO report to your Intune tenant and also to remove one from intune.

You can also run the script to export GPO report from your on-prem environment and directly import them to Intune.


Context

- You have GPOs on your on-prem environment.

- You have an Intune environment and plan to migrate your GPO to Intune.

- You want to see how to implement each GPO from your on-prem env to Intune.

- You want to see if the on-prem GPO is compatible with Intune and what is the equivalent.


Get the scripts

Click on the GitHub picture below to get the two scripts.


PowerShell, Graph and Group Policy Analytics

In a previous post I explained how to manage Group Policy Analytics with PowerShell.

See the post here.


Now let's see how to automate this.


Import GPO report to intune

The script to use is: New-IntuneGroupPolicyReport.ps1


What does the script ?

With this script you can:

- Export your on-prem GPO to XML report

- Import those XML reports to Intune


How works the script ?

The script is called New-IntuneGroupPolicyReport.ps1

Some parameters are available:

- Export_GPO: export GPO report directly from the AD server

- All_GPO: export all GPOs in XML report. Works with switch Export_GPO

- GPO_Name: name of the GPO to export to XML format

- Domain: Specify the domain FQDN. Works with All_GPO switch

- AD_SRV: Specify the server AD name. Works with All_GPO switch

- XML_Path: Specify the path of the GPO XML report

- Check_Modules: Install required modules (could be slower)


An MS login will invite you to type your Intune credentials, as below:


See below some usage:

I will add some parameters to allow you to automate this without usingg the MS login screen.


Import in action

Export XML and import to Intune

In the below example I run the script from my AD server.

You can find on the Endpoint Manager part, staus before and after.


Import from the XML

In the below example I already have the XML report.

I have no access to Group Policy Management console.

You can find on the Endpoint Manager part, status before and after.


Remove a GPO report from Intune

The script to use is: Remove-IntuneGroupPolicyReport.ps1


What does the script ?

With this script you can:

- Remove a GPO report from the Group Policy Analytics page


How works the script ?

The script is called Remove-IntuneGroupPolicyReport.ps1

To use it, just add the parameter GPO_Name with the name of the GPO report to remove.


An MS login will invite you to type your Intune credentials.

See below some usage:

I will add some parameters to allow you to automate this without usingg the MS login screen.


Remove in action

In the below example I want to remove the GPO report GPO_Computer_Network.

This is the below one from the Endpoint portal part:


See below the portal page after:



Intune GPO 3736060734415301826

Enregistrer un commentaire

Accueil item

Award

Sponsors

Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French


Stats