Intune – Use the Group Policy Analytics report to prepare the migration of your GPO to Endpoint Configuration Manager MDM

For years, IT administrators have been using group policy objects (GPO) – and still continue today – to manage/configure devices, both clients and servers.

With the move to a cloud-based devices management, the need to replicate as much as possible settings set using GPO is more and more relevant.

To help you prepare moving from GPO based to MDM policies based, you can use the Group Policy Analytics report available from the Intune/Endpoint Configuration Manager portal.

To start analyzing your GPO settings to find which settings can be implemented using Endpoint Configuration Manager MDM start by logging on on a device with the Group Policy Management console to export the GPO report and save it as XML file


Then connect to your Endpoint Configuration Manager portal ( and access the Devices\Group Policy Analytics blade to import the XML file generated above

NOTE the XML file to be imported can not be bigger than 1 Mb

image  image  image  image

You can import more than one XML file by repeating the above steps as many times as you need.

Once the import is completed, refresh the blade to view the list of imported GPO, showing the name of the GPO, percentage of coverage with MDM


Then by hitting the MDM percentage support you will get details about what is supported or not by Endpoint Configuration Manager MDM, when supported you will get the minimum OS version and the Configuration Service Provider (CSP) mapping (either policy, Bitlocker, Passport for Works (aka Windows Hello), Firewall or AppLocker CSP)


If you have imported more than one GPO report, you can have a global report by accessing the Reports\Group Policy Analytics blade


Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.