For the most part, migrating GPOs is a really straight forward process of exporting your GPO as an XML file and uploading it into the Intune console, which will then evaluate the settings to make sure they are compatible with the Intune CSPs, and when ready just migrate them and assign them as necessary
And this works well for most, but there are a few gotchas to watch for – Specifically when it comes to Mapped Drives and Firewall Rules – these are not supported, though I understand that the Firewall policies are now handled by the Endpoint Protection section
No Preferences for you!
I feel that Microsoft have made it a lot harder than it should be when it comes to anything else under the Group Policy Preferences node from a GPO – in this case – drive mappings
I can find no native way in Intune to deploy mapped drives without resorting to PowerShell scripts. Again it feels like we are going back in time – this time to the days of login scripts using either a simple batch file, or the likes of Kixtart scripts to determine who should get what drive mapping or printer assigned to them.
The inclusion of Group Policy Preferences (GPP) with Server 2008 made this process a heck of a lot easier, especially when it came to filtering who got what driveĀ a user should get through Item Level Targeting.
Yet with Intune, there is nothing included that mirrors that functionality that is included natively – that doesn’t require scripts such as PowerShell
Community Intervention
Fortunately, the community has stepped up and there are a variety of ways now to help with drive mappings in particular with sites that can generate the necessary scripts such as the Intune Drive Mapping Generator site that lets you upload an XML of you existing GPO and it will generate a PowerShell for you.
But this is still a script, and like all PowerShell scripts it will only run once – so if a user deletes there drive mapping, it won’t reapply – unless you then look into remediation scripts to scan for drives and remap any missing drives
Another option is the community created DriveMapping.admx file that can be imported into Intune. The benefit of this is that because its a policy (or a CSP to use the Intune lingo) then if a drive mapping is deleted by the user – Intune will re-apply it again.
The custom ADMX file is certainly the way I’d recommend – and it does seem to work, but I’ll know more when I start to actually migrate them fully