Share via

Group policy Analytics (Intune) shows some policies are not supported and some other settings are missing

HM 26 Reputation points
2024-07-09T15:47:22.6333333+00:00

We are in processing of Rolling out Intune and during the import of On-prem GPOs to Group policy Analytics shows below: -

  1. Some of the settings are unsupported - How can i do about missing settings; how can I implement those policies? I've been trying to check in Configuration policy - I found some, but few others are still missing. Do I need to use OMA-URI? For ex, Account lockout policies are listed as not supported. I found the settings under Device restrictions (Configuration) but not all settings are listed.
  2. Some settings did not even show up as supported or unsupported. For ex: "Store passwords using reversible encryption"
  3. It shows some settings are deprecated, i see the count but i cannot see the settings, is there a way to see it?
  4. Is there a tool or some list which shows equivalent settings of on prem group policies vs Intune group?
  5. I found below link and is it correct approach to find the OMA-URI from below and set the path to the one listed in below link. Some policies contain more than 1 setting for ex: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/AccountLockoutPolicy contains "Account lockout threshold" , "Account lockout duration" & "Reset account lockout counter after". After I mention the path , how will it know which setting its applying, will it pick up the setting from name ?
    :- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-kerberos
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,088 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ZhoumingDuan-MSFT 13,155 Reputation points Microsoft Vendor
    2024-07-10T02:23:43.23+00:00

    @HM, Thanks for posting in Q&A.

    Based on my research, Not all GPO settings have a direct equivalent in Intune. For settings that are unsupported or missing in Intune, you might need to use OMA-URI settings, so, without knowing exactly which settings you are referring to here, no concrete help can be provided except to go search the Settings Catalog. @Joost Gelijsteen posted a couple of great links.

    And finally, if you want to still some analysis and conversion, there is a tool called Group Policy Analytics that will help you with this: https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics

    Hope above information can be helpful.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.