Migrate GPO to Intune and do Hybrid Azure AD join

Testa 551 Reputation points
2023-08-28T07:28:27.7833333+00:00

Hi,

My client uses only GPO with AD-joined devices. They would like to do Hybrid AAD join and register all the devices to Intune automatically. They also want to migrate GPO to Intune as well. My questions:

1. Should they do Hybrid AAD join first, or does it not matter?

2. Are the documents below for the steps to set up Hybrid AAD join correct? Is there anything we should be careful about?

https://learn.microsoft.com/en-us/azure/active-directory/devices/how-to-hybrid-join#managed-domains

3. To register devices to Intune automatically, the steps ("select Windows Enrollment > Automatic Enrollment. In the configuration, you set the MDM user scope and MAM user scope:...") can be used, right? We do not need to use group policy?

https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows#windows-automatic-enrollment

4. As for migration of GPO to Intune, what steps should we take if the GPO language is not English (I believe it is only supported in English right now)?

https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics#known-issues


Accepted answer
  1. Lu Dai-MSFT 28,391 Reputation points
    2023-08-29T02:25:20.4666667+00:00

    @Testa Thanks for posting in our Q&A. I will answer your questions:

    1. Yes. We should do Hybrid AAD join first.

    2. You can refer to this article.

    3. It is necessary to configure automatic enrollment. If you want to enroll devices using group policy, we still need to use group policy to do enrollment.

    4. Currently, there is no method that can do it. It is suggested to try to manually deploy configuration profiles whose settings are the same as the related GPO.

    https://learn.microsoft.com/en-us/mem/intune/configuration/administrative-templates-windows

    Hope it will give you some ideas.


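A check for the ordering the accepted answer gives (hybrid join before automatic enrollment), added here as an example and not part of the thread or of Microsoft's documentation: it parses `dsregcmd /status` output and reports whether a device is hybrid joined and has the prerequisites for MDM auto-enrollment. The function name `Get-JoinReadiness`, the sample output and the readiness criteria (hybrid joined, `AzureAdPrt : YES`, populated `MdmUrl`) are assumptions of this example.

```powershell
function Get-JoinReadiness {
    param(
        # Defaults to the local device; pass saved output to check it offline.
        [string[]]$StatusText = (dsregcmd.exe /status)
    )

    # dsregcmd prints "Name : Value" pairs; banner and separator lines do not match.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $domainJoined = $fields['DomainJoined'] -eq 'YES'
    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    # AzureAdPrt describes the signed-in user, so run this in a user session.
    $hasPrt       = $fields['AzureAdPrt'] -eq 'YES'
    $mdmUrl       = $fields['MdmUrl']

    if ($domainJoined -and $aadJoined) {
        $state = 'HybridJoined'
    } elseif ($domainJoined) {
        $state = 'DomainJoinedOnly'      # AD joined, hybrid join not completed
    } elseif ($aadJoined) {
        $state = 'AzureAdJoinedOnly'
    } else {
        $state = 'NotJoined'
    }

    [pscustomobject]@{
        State                  = $state
        AzureAdPrt             = $hasPrt
        MdmUrl                 = $mdmUrl
        # Assumption: hybrid join, a PRT and a populated MdmUrl gate auto-enrollment.
        ReadyForAutoEnrollment = ($state -eq 'HybridJoined') -and $hasPrt -and [bool]$mdmUrl
    }
}

# Constructed sample: an AD-joined device that has not completed hybrid join yet.
$sample = @'
| Device State |
  AzureAdJoined : NO
  EnterpriseJoined : NO
  DomainJoined : YES
  DomainName : CONTOSO
| User State |
  AzureAdPrt : NO
'@ -split '\r?\n'

Get-JoinReadiness -StatusText $sample
```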
