Intune- Decommissioning Admin rights policy

Xiomara Gonzalez 40 Reputation points

Dear Team,

We are reaching out to discuss the configuration of admin rights policies in Intune and explore options for a smoother transition while decommissioning our GPO.

Our current objective is to shift from Group Policy Objects (GPO) to Intune policies, ensuring a more efficient and streamlined management process. However, we are aware that transitioning users from GPO to Intune could potentially cause disruptions during the exclusion and inclusion phases. Moreover, we've been informed that users must be physically present at our company's premises and connected to the network for Intune policies to take effect, which may lead to some inconvenience.

We are keen to explore alternative approaches that can minimize disruptions and provide a seamless user experience. Our goal is to optimize the transition process and ensure that users can smoothly pick up Intune policies without any interruptions.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,083 questions
{count} votes

Accepted answer
  1. Crystal-MSFT 40,706 Reputation points Microsoft Vendor

    @Xiomara Gonzalez, Thanks for posting in Q&A. Moving from Group Policy Objects (GPOs) to Intune policies can be a smoother process if handled properly. Microsoft recommends two primary methods for implementing Intune policies while decommissioning GPOs:

    1. Create new policies using Intune: Microsoft suggests creating new policies in Intune and deploying them to your cloud-native endpoints in order to validate and simplify your existing enforced policies. This option is recommended because it allows organizations to eliminate legacy, forgotten, or even harmful policies while prioritizing the policies that apply to cloud-native endpoints. Intune has built-in templates, or you can create custom policies.
    2. Migrate policies from GPO to Intune: Migrating policies from GPO to Intune can be a more complex process than creating new policies in Intune, and it can be time-consuming. However, you can use Intune's Group Policy Analytics tool to analyze your GPOs, identify which policies are cloud-ready, and import them into Intune with ease. While this option requires organizations to review and analyze their existing policies, it allows them to retain their investment in GPOs and import policies into Intune that are still applicable to cloud-native endpoints.

    Regarding user disruptions during exclusion and inclusion phases, Intune policies can be deployed without the need for physical presence at the company premises or network connection. Intune policies can be configured to apply to devices that are always on and connected to the internet, which means that users can receive Intune policies even outside the office. Moreover, Microsoft recommends organizations to communicate and involve users in the transition process, which improves awareness, trust, and expectation management.

    Overall, Microsoft Intune offers a range of options for organizations to configure and manage their cloud-native endpoints, including creating new policies, migrating policies, and deploying policies to devices always-on. By carefully reviewing their existing policies and infrastructure, organizations can create a smoother transition to Intune policies with minimal disruption. Communication and user involvement can help organizations create awareness and manage expectations throughout the transition process.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful