Our organization is starting to migrate our Group Policy Objects (GPOs) to Intune, and we have some important questions about decommissioning these GPOs. Currently, all our computers are hybrid domain joined, which adds a layer of complexity. Here's the plan I'm considering: First, I'll analyze a GPO using group policy analytics. Then, I'll create the necessary configurations in Intune and apply them to the computers. After that, I'm wondering if it's okay to unlink the GPO from Active Directory at this stage. Will there be potential conflicts if I assign the policy in Intune before unlinking? Also, should I just unlink the GPO, or do I need to set up a new GPO with all original settings marked as 'not configured' before doing that? Any insights would be greatly appreciated!
5 Answers
Remember that just marking a parameter ‘not configured’ in GPO won’t revert it to default. You’ll have to set each value to its default manually, and unlinked GPOs won’t clear any settings that were previously applied. It’s crucial to have at least two testing groups: one with devices that had GPOs applied and another for fresh installations with only Intune settings. That way, you can ensure both setups work as intended.
Why not do a trial run with a couple of VMs and some physical PCs before fully committing? That way, you can see how everything plays out with your specific setup and make adjustments as necessary.
It’s super important to consider that settings applied by a GPO will remain unless something else changes them. To keep consistency across your devices, you'll want to remove those GPO settings first so new devices get the same treatment as the older setups, just to avoid confusion later on.
Make sure to read up on GPO tattooing – some GPO settings might stick even after you remove the policy. Depending on what your GPOs contained, Intune could apply the settings differently, so it’s wise to test everything out, especially if you have several devices to transition.
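The tattooing behaviour mentioned above can be checked per device before and after a GPO is unlinked. As an added example (not part of any answer here), this PowerShell script classifies each registry value a GPO writes by whether it sits under one of the four registry roots that Group Policy cleans up itself, and reports whether the value is still present; the sample settings list, the Contoso key and the function names are constructed for illustration.

```powershell
# Added example. Registry subtrees that Group Policy cleans up by itself when
# a GPO stops applying; values written anywhere else stay behind (tattooing).
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\SOFTWARE\Policies',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
)

# Constructed sample input: replace with the key/value pairs your GPO writes.
$GpoSettings = @(
    [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Name = 'NoAutoUpdate' }
    [pscustomobject]@{ Key = 'HKLM:\SOFTWARE\Contoso\Agent'; Name = 'ServerUrl' }  # hypothetical vendor key
)

function Test-ManagedPolicyPath {
    param([Parameter(Mandatory)][string]$Key)
    foreach ($root in $PolicyRoots) {
        if ($Key -eq $root -or
            $Key.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-GpoResidue {
    param([Parameter(Mandatory)][object[]]$Settings)
    foreach ($s in $Settings) {
        # HKCU entries are read for the user running the script only.
        $item = $null
        if (Test-Path -LiteralPath $s.Key) {
            $item = Get-ItemProperty -LiteralPath $s.Key -Name $s.Name -ErrorAction SilentlyContinue
        }
        $present = $null -ne $item
        $value   = if ($present) { $item.($s.Name) } else { $null }
        $managed = Test-ManagedPolicyPath -Key $s.Key
        $action  = 'None: value is not on this device'
        if ($present -and $managed)      { $action = 'Re-check after unlink and gpupdate' }
        if ($present -and -not $managed) { $action = 'Tattooed: reset or delete explicitly' }
        [pscustomobject]@{
            Key = $s.Key; Name = $s.Name; Present = $present; Value = $value
            Managed = $managed; Action = $action
        }
    }
}

Get-GpoResidue -Settings $GpoSettings | Format-Table -AutoSize -Wrap
```

An ADMX-backed Intune profile can write to the same policy roots, so a value that is still present under one of them after the unlink may now come from Intune rather than from the old GPO.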
It’s definitely better to unlink the GPOs. Just a heads up, you should run a command to reset the settings back to default first. Keep in mind that Intune policies don’t map one-to-one with GPOs. For example, password policies may not be fully configurable in Intune, so ensure that what you need is covered before proceeding.