Change Group Policy Settings Via Intune
Be able to change registry files or group policy settings remotely, more than just the limited restriction policies available in the portal
+1 for this request. There are organizations that are ready to ditch on-premises Active Directory completely and move to using Azure AD. However, Intune really falls short in capabilities when compared to traditional Group Policy.
Intune would be perfect if you could like "Group Policy Object" like policies through Intune to configure the users environment.
Jeremy Moskowitz, Group Policy MVP commented
As a Group Policy MVP and founder of a software company around these challenges, please let me add something here.
So, co-management with Group Policy is possible, but it's not Microsoft's job or on their to-do list to copy over all GP, GPPrefs, and GP-security settings to MDM land. They want to open NEW scenarios, and that might mean that EXISTING GP items do not come over. I realize of course that this is something people want.. and .. there is an answer.
You can check out PolicyPak On-Prem & MDM which can actually do this PRECISE thing.
(Videos to see at: https://www.policypak.com/integration/policypak-and-mdm-utilities.html)
We've helped customers migrate over existing GPOs to MDM land.
Two more resources too, to help clear this up. Resource #1 is me with Microsoft at Ignite 2017 talking about what they WILL and WONT do, when it comes to GP co-management. https://www.youtube.com/watch?v=fjkVjKyAyY4
Then, also if you want to read an article about the problem and solution, from a 3rd party perspective.. http://www.brianmadden.com/opinion/PolicyPak-MDM-lets-you-deploy-native-Group-Policies-via-MDM .
Thanks and I hope these get you on the GP co-management road.
-Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software
Brad Parsons commented
Allow Co-Management with AD/GPO and Intune without SCCM. We have a number of Group Policies that I haven't seen an Intune equivalent as of yet. Shifting all to Intune is the goal just not ready to do a hard cut
Would it be possible to have the ability to have the Windows general configuration policy alongside the Intune agent Policy so you can manage general device settings like lockout and be able to manage updates and scan times via the Intune agent?