Australia | How to Use Endpoint Manager Group Policy Analytics

Nick Thomas - 24.06.202220220624

How to Use Endpoint Manager Group Policy Analytics

Australia | How to Use Endpoint Manager Group Policy Analytics


Group Policy Objects (GPOs) have been utilised by organisations for over 20 years now. Their main function is to control what a user can or cannot do on a computer system by configuring user settings and computer or administration settings on different devices within a domain. 

These days, many companies choose to migrate to the cloud – an easier system where documents and data can be stores on a limitless infrastructure without the need for external storage devices and hard drives. Now that many organisations are looking to fully adopt these cloud solutions, tools such as Microsoft Endpoint Manager are used to manage workloads more efficiently and Microsoft have introduced a tool that helps with the Group Policy side of things called Group Policy Analytics. 

To determine which GPO settings can be successfully migrated to the cloud, a full review of the on-premises GPOs must be undertaken initially. This is to save time and to ensure that you aren’t looking for a setting that doesn’t exist, and the best way to do so is to use the Group Policy Analytics functionality within Microsoft Endpoint Manager. 

It analyses your on-premises Group Policy Objects and shows you if the settings are supported in MDM providers including Microsoft Intune, within Endpoint Manager. It also informs you of any settings that have since been deprecated or are not available. 

In this blog post I will explain how to use the Group Policy Analytics in Microsoft Endpoint Manager.  



  1. Log on to your on-premises server which has access to Group Policy and open the Group Policy Management app (GPMC.msc) 
Australia | How to Use Endpoint Manager Group Policy Analytics
  1. Expand your domain to see all your GPOs 
  2. Right click on one of your GPOs and select Save Report… 
Australia | How to Use Endpoint Manager Group Policy Analytics
  1. Save the file to an accessible folder, making sure you give it a sensible name and save it as an XLM file. You will be importing this file into Intune later 
  2. Do this for every GPO that you want to migrate to Intune 


  1. Log into the Microsoft Endpoint Manager admin center 
  2. Click on Devices, then Group Policy Analytics (Preview) 
  3. Click Import, and select the XML file that you saved previously 
Australia | How to Use Endpoint Manager Group Policy Analytics
  1. After the analysis has run, the GPO you imported will be listed in the table with the following information: 
Group Policy Name This is populated from the information in the GPO 
Active Directory Target This is generated using the OU (organisational unit) target information in the GPO 
MDM Support This shows the percentage of group policy settings that have the same setting in Intune 
Unknown Settings Some settings cannot be analysed. The GPOs are listed here 
Targeted in AD Yes means the GPO is linked to an OU in the on-premises GPO. No means the GPO is not linked to an on-premises OU 
Last imported This is the date of the last import for that GPO 

Note: You can import all of the GPOs that you want to migrate to Intune. You can also export the list to a detailed CSV file 

Australia | How to Use Endpoint Manager Group Policy Analytics
  1. Click on the MDM Support percentage for one of the policies to view more information: 
Setting Name The name is automatically generated using information in the GPO setting 
Group Policy Setting Category Shows the setting category for GPO (ADMX) settings 
ADMX Support Yes means there’s an ADMX template for this setting. No means there isn’t an ADMX template for the specific setting 
MDM Support Yes means there’s a setting available in Endpoint Manager that matches. A device configuration profile can be configured for this setting. No means there is not a match in the settings available to Intune 
Value This shows the value imported from the GPO. It can show different values, such as true, false, 900, Enabled etc. 
Scope This states if the GPO you’ve imported targets devices or users.  Min OS Version displays the minimum Windows operating system version build numbers that the GPO setting applies to. It might show 18362 (1903) for example 
CSP Name A Configuration Service Provider (CSP) exposes device configuration settings in Windows 10. This column shows the CSP that includes the setting 
CSP Mapping This column displays the OMA-URI path for the on-premises policy. You can map this in a custom configuration profile for a device 


The Group policy migration readiness report gives you shows you a summary of your GPO settings in a graphical view. 

  1. Within Endpoint Manager, click Reports, then Group policy analytics (preview) 
  2. In the Summary tab, a summary of your imported GPOs and their policies are shown. Use this information to determine the status of the policies in your GPOs: 
Ready for migration The policy is ready to be migrated to Intune as it has a matching setting 
Not supported This means the policy doesn’t have a matching setting. This normally means the policy settings aren’t exposed Intune 
Deprecated The policy has been deprecated but might apply to older Windows versions, older Microsoft Edge versions, and more policies that aren’t used anymore 
Australia | How to Use Endpoint Manager Group Policy Analytics
  1. Next, click on the Reports tab, and then Group policy migration readiness. Within this report, you can: 
  • See the number of settings in your GPO that can be configured in a device configuration profile. It also shows if the settings can be in a custom profile, aren’t supported, or are deprecated 
  • Filter the report output using the Migration Readiness, Profile type, and CSP Name filters 
  • Select Generate report to get current data. (You might see Generate again
  • View the  list of settings in your GPO 
  • Find specific settings by using the search bar 
  • See when the report was last generated with a time stamp 
Australia | How to Use Endpoint Manager Group Policy Analytics


I hope this has helped in what can be a painful area in moving your GPO settings to Endpoint Manager. I certainly use it and find it extremely useful. Microsoft have announced that they are working on taking this one step further and implementing a tool that will also migrate your settings for you! Let’s hope this is right around the corner. 


Australia | How to Use Endpoint Manager Group Policy Analytics

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

Australia | How to Use Endpoint Manager Group Policy Analytics

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.