By Go Komatsu – Sr. Program Manager | Windows and Aasawari Navathe, Program Manager II | Microsoft Endpoint Manager
Updated 9/20/21: This Windows update has now been released as part of the September 2021 patch Tuesday (KB5005565) for Windows 10 versions 2004 and later. This monthly update includes KB5005101 where these changes were made. These policies will only work on Windows Enterprise and Education versions. In addition, Windows 11 includes the necessary updates to make these policies work.
Many organizations are looking to manage their endpoints via modern management to support the growing remote workforce and remove the need for on-premises connectivity. Years ago, the industry started to standardize on mobile management for endpoint management (through the Mobile Device Management (MDM) policy delivery channel). For Windows, that standardization began with Windows Phone. At that time, it didn’t make sense to move all Group Policy settings over into modern management (via MDM). This resulted in an initial gap in management capabilities on MDM. Over time, with new Windows releases, we've continued to add more settings to MDM, but there were still some gaps that blocked customer migrations to modern management. Closing this long tail of MDM settings parity drove the need to focus on improvements to provide the best experience for customers.
Microsoft heard that customer feedback on MDM settings availability. Over the past year, both the Windows and the Microsoft Endpoint Manager – Intune teams were laser focused on closing that gap. If you are in the Windows Insider program, you may have noticed that, since H2 CY2020, new settings have become available in the Policy Configuration Service Provider (CSP) that were previously never available to customers in MDM. This was an intensive effort between several Windows component teams, all trying to make sure that admins no longer considered setting availability in MDM a blocker to moving to modern management.
Over the past year, we also released Group Policy analytics in public preview. It is a tool and feature in Intune that analyzes your on-premises group policy objects (GPOs). It helps you determine how GPO settings translate to the cloud. The output shows which settings are supported by MDM providers, deprecated settings, or settings not available to MDM providers. There’s also the capability to directly migrate to a profile with those MDM settings in Endpoint Manager. Group Policy analytics also lists the settings and categories as they would be named when you make your eventual Device Configuration policy in MDM.
With the March (2103) release of Microsoft Endpoint Manager and, coming soon (expected), in the April (2104) release of Intune, you will find:
Call to action: If you want to try out these new settings, you can target any devices on a Windows Insiders build (Build 21343 or later).
Further, you can also import your GPO into the Group Policy analytics tool for the latest data in the MDM Support column.
You can provide feedback on Group Policy analytics when you select Got feedback. To get information on the customer experience, the feedback is aggregated and sent to Microsoft. Entering an email is optional and may be used to get more information.
Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.
9/20/21 - Updated Upcoming milestones section.