Microsoft Intune policy and Local group policy editor.

Vishnu Anand 185 Reputation points
2024-09-18T09:46:54.19+00:00

We have implemented numerous Intune policies on Windows devices, including password policies. I can see these changes in the registry editor, but they are not appearing in the Local Group Policy Editor. Is there any reason for this?

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,079 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 48,746 Reputation points Microsoft Vendor
    2024-09-19T01:40:28.76+00:00

    @Vishnu Anand, Agree with Pavel, Local Group policy and Intune policy are two methods to change device settings. So I think the Intune policy change will not appear on Local Group Policy. Here are more details to help you understand.

    In General, CSPs are an interface that is used by mobile device management (MDM) providers to read, set, modify, and delete configuration settings on the device. Typically, it is done through keys and values in the Windows Registry. Based as I know, Intune policy use Syncml to deploy OMA-URI which is basically a path to a specific CSP and setting. The CSP settings map to registry keys or files on the end-user client.

    User's image

    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-configuration/deploy-oma-uris-to-target-csp-via-intune

    For group policy, once the policies are brought down to the client, the individual client-side extensions (CSE) will apply the policies to the appropriate areas.

    User's imagehttps://techcommunity.microsoft.com/t5/ask-the-performance-team/the-basics-of-group-policies/ba-p/372404

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,581 Reputation points MVP
    2024-09-18T12:35:04.36+00:00

    I believe it is by design because Intune as MDM protocol engine, is different than Group Policy management. At the end, both MDM and GPO management layers do alter registery which makes the effect to happen.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.