The latest in Group Policy settings parity in Mobile Device Management

Posted by

This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.

By Go Komatsu – Sr. Program Manager | Windows and Aasawari Navathe, Program Manager II | Microsoft Endpoint Manager


Many organizations are looking to manage their endpoints via modern management to support the growing remote workforce and remove the need for on-premises connectivity. Years ago, the industry was starting to standardize on mobile management for endpoint management (through the Mobile Device Management (MDM) policy delivery channel). For Windows, it began standardizing with Windows Phone. At that time, it didn’t make sense to move over all Group Policy settings into modern management (via MDM). This resulted in an initial gap in management capabilities on MDM. Over time, with new Windows releases, we've continued to add more settings to MDM, but there were still some gaps that resulted in blocking customer migrations to modern management. Filling this long tail of MDM settings parity drove the need to focus on improvements to provide the best experience for customers.


Microsoft heard that customer feedback on MDM settings availability. Over the past year, both Windows and Microsoft Endpoint Manager – Intune teams were laser focused in closing that gap. If you are in the Windows Insider program, you may have noticed since H2 CY2020, new settings have become available in the Policy Configuration Service Provider (CSP) that were previously never available to customers in MDM. This was an intensive effort between several Windows component teams all trying to make sure that admins no longer considered setting availability in MDM as a blocker to move to modern management.


Over the past year, we also released Group Policy analytics in public preview. It is a tool and feature in Intune that analyzes your on-premises group policy objects (GPOs). It helps you determine how GPO settings translate to the cloud. The output shows which settings are supported by MDM providers, deprecated settings, or settings not available to MDM providers. There’s also the capability to directly migrate to a profile with those MDM settings in Endpoint Manager. Group Policy analytics also lists the settings and categories as they would be named when you make your eventual Device Configuration policy in MDM.


With the March, 2103 release of Microsoft Endpoint Manager and coming soon (expected), in the April, 2104 release of Intune, you will find:

  1. The device configuration settings catalog has been updated to list thousands of settings that previously were not available for configuration via MDM (Figure 1). You will see these as being marked as available for Windows Insiders only. These include settings from Windows components like Control Panel (Figure 2), which are critical for security and desktop standardization.
    Figure 1: Device configuration settings catalogFigure 1: Device configuration settings catalog

    Figure 2: Control PanelFigure 2: Control Panel

  2. The Group Policy analytics (preview) tool has been updated so that when you now go through the import process of your Group Policy object (GPO), the MDM Support column will reflect the newly available settings. computer_2_aasawari.png


Call to action: If you want to try out these new settings, you can target any devices on a Windows Insiders build (Build 21343 or later).


Further, you can also import your GPO into the Group Policy analytics tool for the latest data in the MDM Support column.


You can provide feedback on Group Policy analytics when you select Got feedback. To get information on the customer experience, the feedback is aggregated, and sent to Microsoft. Entering an email is optional, and may be used to get more information.


Upcoming milestones
The next key milestone will be a backport of these settings to in-market Windows versions. This will result in settings availability on Windows 10 2004 and newer releases. The estimated timeline for this backport will be H2 CY2021.


Learn more 
Policy CSP - Windows Client Management | Microsoft Docs


Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.

This articles are republished, there may be more discussion at the original link. But if you found this helpful, you're more than welcome to let us know!

This site uses Akismet to reduce spam. Learn how your comment data is processed.