View Blog

Apr 2022
04

Many organizations are choosing to use some type of MDM provider to manage their mobile devices.  Some organizations are even turning to MDM for all of their client devices.  If you have been relying on Group Policy to deliver configuration and security settings to these your Windows devices, you should know that there is still a disparity gap between between Group Policy and an MDM such as Microsoft Endpiont Manager (MEM) when it comes to setting coverage.  While Microsoft has closed this gap considerably over the past couple of years, there are still a number of Group Policy settings that MEM and other MDM solutions don’t accommodate.   Obviously, you need to know what settings can’t be replicated when considering a move to MDM.

MEM now provides an easy to use tool called Group Policy Analytics (Preview) that will analyze your on-premise GPOs and determine how they will translate into the cloud.  It will analyze a specific GPO and identify which settings are supported in the MDM, which ones have been deprecated and which ones are simply not available.  The first step is to select the GPO you want to test out in the Group Policy Management Console.  As shown in the screenshot below, simply right click on your selected GPO and choose “Save Report.”  Save it as an XML file.

The next step is to import the XML file into MEM.  Using the MEM admin center, go to Devices > Group Policy analytics (preview).  Select Import and point to the saved XML file as shown in the screenshot below.  Note that the saved XML cannot be larger than 4 MB. 

Click the X in the upper righthand corner and wait for the analyzation process to complete.  You will then see the percentage of settings are supported by the MDM.

Now click on the stated percentage and review the status of all your settings.  The supported settings will list the corresponding CSP mapping in the righthand column as shown below.

Group Policy analytics is a great tool to determine the MDM setting coverage of your GPOs.  If any of the non-supported settings are critical to your management or security policies, you may want to continue using Group Policy for a while longer or utilize a third-party settings management solution.

 

Comments (0)

No Comments!