Intune deployment and Group Policy impact?

EnterpriseArchitect 4,846 Reputation points
2022-11-22T06:11:55.56+00:00

Hi Folks,

I need clarification and guidance on whether my current Hybrid Azure AD joined device, still using Group Policy, will conflict with Intune when I enrol it en masse.

Will there be any conflict or problem later on when the existing AD DS Group Policy is still applied to the workstation when managed by Intune?

In case there is a conflict or issue, which one takes precedence, the on-premises AD DS Group Policy or the Intune policy?

Any help would be greatly appreciated.


Accepted answer
  1. Crystal-MSFT 43,736 Reputation points Microsoft Vendor
    2022-11-22T08:23:14.44+00:00

    @EnterpriseArchitect , Thanks for posting in Q&A.

    In general, Intune uses policies that help you manage settings on Windows PCs. Many Intune settings are similar to settings that you might configure with Windows Group Policy. However, it is possible that, at times, the two methods might conflict with each other. When conflicts happen, domain-level Group Policy takes precedence over Intune policy.

    Starting with Windows 10 1803, there's a setting named MDMWinsOverGP that allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device. But it only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. Here is a link with more details for reference:
    https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict

    To avoid issues, it is recommended to migrate policies from Group Policy to Intune. You can analyze your on-premises GPOs using Group Policy analytics in Microsoft Intune, and then do the migration. Here are some articles for reference:
    https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics
    https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics-migrate

    Hope it can help.



    4 people found this answer helpful.

2 additional answers

  1. Jason Sandys 31,171 Reputation points Microsoft Employee
    2022-11-22T19:28:03.17+00:00

    MDMWinsOverGP

    We strongly recommend that you avoid using this policy setting. It has many caveats that almost certainly will cause you issues. Control conflicts by not targeting the same settings from both authorities to the same devices. Definitely start your journey to using Intune for policy management ASAP and moving away from group policy, which is more or less now legacy.

    2 people found this answer helpful.

  2. Jason Sandys 31,171 Reputation points Microsoft Employee
    2022-11-28T17:17:43.427+00:00

    is there any comparison or Pros and Cons between the Intune Policy vs. Group Policy

    Honestly, the only significant pro v con is that group policy is legacy as noted.

    I'm curious which settings cannot be done via Intune Policy.

    We don't have any comparison documentation as there are few significant differences when it comes to actual policies. Those that do exist either are not valid in a cloud native world or should generally be considered as not best for use in a cloud native world. The links posted by @Crystal-MSFT are a great starting point to begin your journey.

    1 person found this answer helpful.
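
The precedence rules stated in the answers above, applied to a settings inventory to list which settings are targeted by both authorities on the same device. This is an added example, not code from the thread or from Microsoft; the device names, setting names, values and the "Policy"/"Other" CSP labels are constructed placeholders, and the model covers only what the answers state.

```python
# Added example: models the precedence rules described in this thread.
# All devices, setting names and values below are constructed sample data.
from collections import defaultdict

def effective_authority(mdm_csp, mdm_wins_over_gp):
    """Return which authority wins for one setting targeted by both."""
    # Per the accepted answer, MDMWinsOverGP only covers Policy CSP settings.
    if mdm_wins_over_gp and mdm_csp == "Policy":
        return "MDM"
    # Otherwise domain-level Group Policy takes precedence.
    return "GP"

def find_overlaps(gp_rows, mdm_rows, mdm_wins_devices=frozenset()):
    """gp_rows: (device, setting, value); mdm_rows: (device, setting, value, csp).
    Returns {device: [overlap records]} for settings set by both authorities."""
    gp = {(device, setting): value for device, setting, value in gp_rows}
    report = defaultdict(list)
    for device, setting, mdm_value, csp in mdm_rows:
        if (device, setting) not in gp:
            continue  # only one authority targets it: nothing to resolve
        gp_value = gp[(device, setting)]
        winner = effective_authority(csp, device in mdm_wins_devices)
        report[device].append({
            "setting": setting,
            "conflict": gp_value != mdm_value,  # same value: overlap, no drift
            "winner": winner,
            "effective": mdm_value if winner == "MDM" else gp_value,
        })
    return dict(report)

GP_ROWS = [
    ("PC-01", "ScreenLockTimeout", 900),
    ("PC-01", "DriveEncryption", "required"),
    ("PC-02", "ScreenLockTimeout", 900),
]
MDM_ROWS = [
    ("PC-01", "ScreenLockTimeout", 300, "Policy"),
    ("PC-01", "DriveEncryption", "required", "Other"),
    ("PC-02", "ScreenLockTimeout", 300, "Policy"),
    ("PC-02", "UpdateRing", "fast", "Policy"),  # MDM only, not an overlap
]

if __name__ == "__main__":
    # PC-02 is the only device modelled with MDMWinsOverGP enabled.
    for device, rows in find_overlaps(GP_ROWS, MDM_ROWS, {"PC-02"}).items():
        for row in rows:
            print(device, row)
```

Every row in the report is a setting to remove from one authority's targeting, which is the approach the second answer recommends over relying on MDMWinsOverGP.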