Intune – Use the Group Policy Analytics report to prepare the migration of your GPO to Endpoint Configuration Manager MDM

For years, IT administrators have been using group policy objects (GPO) – and still continue today – to manage/configure devices, both clients and servers.

With the move to a cloud-based devices management, the need to replicate as much as possible settings set using GPO is more and more relevant.

To help you prepare moving from GPO based to MDM policies based, you can use the Group Policy Analytics report available from the Intune/Endpoint Configuration Manager portal.

To start analyzing your GPO settings to find which settings can be implemented using Endpoint Configuration Manager MDM start by logging on on a device with the Group Policy Management console to export the GPO report and save it as XML file


Then connect to your Endpoint Configuration Manager portal ( and access the DevicesGroup Policy Analytics blade to import the XML file generated above

NOTE the XML file to be imported can not be bigger than 1 Mb

image_thumb[1]  image_thumb[2]  image_thumb[3]  image_thumb[4]

You can import more than one XML file by repeating the above steps as many times as you need.

Once the import is completed, refresh the blade to view the list of imported GPO, showing the name of the GPO, percentage of coverage with MDM


Then by hitting the MDM percentage support you will get details about what is supported or not by Endpoint Configuration Manager MDM, when supported you will get the minimum OS version and the Configuration Service Provider (CSP) mapping (either policy, Bitlocker, Passport for Works (aka Windows Hello), Firewall or AppLocker CSP)


If you have imported more than one GPO report, you can have a global report by accessing the ReportsGroup Policy Analytics blade