Migrating on-prem GPOs to Intune

In this post, we will see how to migrate GPOs located in an on-prem environment (Active Directory) to Intune.

How does it work ?

To import GPOs from an on-premises environment into Intune, we'll do it in few steps:

1. Export GPOs from the on-prem environment

2. Import GPO profiles into Intune

3. Migrating GPOs to Intune

Importing GPOs to Intune

We will first retrieve your GPOs from your Active Directory.

To do this, you will need to export your GPOs in XML format.

Once your GPOs have been exported in XML format, you will need to import them into Intune.

Onboarding into Intune does not mean that your GPOs will be migrated.

Indeed, importing XML profiles into Intune allows you to list all your GPOs on-prem to quickly see which ones are compatible and have an equivalence in Intune.

Below is an overview:

You can find more details in my article here.

You will also find the equivalent in PowerShell, here.

Migrating GPOs to Intune

We have exported our on-premises GPOs and then imported into Intune.

The idea now is to migrate those that are compatible in Intune.

Since March 2022, Microsoft has integrated a new feature allowing you to migrate your GPOs into Intune.

We will now see how to proceed.

1. Go to the Intune portal (MEM)

2. Go to Devices > Group Policy analytics

3. Select a GPO profile

4. This will list profile details

5. Click Migrate

6. You can choose which GPOs to migrate

7. Here we will select everything

8. Click Select all on this page

9. Click Next

10. A summary of your settings is displayed

11. Click Next

12. Choose a name for the new profile

13. Click Next

14. Choose a group

15. Click Next

16. A new profile will be created