Currently in use within over 95% of Fortune 1000 companies, Microsoft Active Directory (AD) is widely used on a global scale to authenticate and authorize all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software.
AD offers a hierarchical infrastructure called Group Policy that allows a network administrator to implement specific configurations for users and computers. This provides centralized management and configuration of operating systems, applications, and users' settings in an AD environment. Group Policy controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. The Group Policy Microsoft Management Console (MMC) enables IT administrators to create a Group Policy Object (GPO) which is a collection of settings that define what a system will look like and how it will behave for a defined group of users. The GPO is associated with selected AD containers, such as sites, domains, or organizational units.
Thanks to the concept of digital transformation and the push to adopt Microsoft’s cloud-based infrastructure and services such as Office 365 and Azure AD, there is an increasing number of enterprises who must build a strategy for transitioning their on-premises GPOs to the cloud to ensure consistency and efficiency. Intune comes with the Office 365 services as a way to manage your device policies – but MDM in Azure extends access management controls to both domain joined and non-domain joined computers so you can manage more than just mobile devices. Microsoft has documented settings that can be moved to Azure AD, where Intune is the repository for policy settings under the umbrella moniker of MDM, even though several of the policies are beyond mobile management. Azure AD does provide Group Policy capabilities, but it is not as far along as its on-premises version of AD.
Our customers tell us that they are encountering a wide variety of technology roadblocks when it comes to getting existing AD Group Policy moved to Intune. Here are three of the most common challenges that we hear:
- Determine what group policies are cloud-ready – there is no easy way to natively discover what percentage of your GPOs are able to be migrated to the cloud. When Microsoft releases an updated version of Azure AD, there are more policies supported. Once these are supported in Azure AD, they can be moved to Intune, but not before they are officially supported. Without an automated assessment tool, IT administrators are forced to manually compare using spreadsheets or a similar vehicle.
- Migrate existing Group Policy Objects to Intune – once you know what policies are cloud-ready, moving those existing policies to Microsoft Intune can be a labor-intensive error-prone scripts. Some enterprises don’t have the time, expertise, or resources to perform a successful migration.
- Ongoing management of Group Policy – every time Microsoft has an update or release of Azure AD and Intune, more policies are added and supported. If doing the assessment and manually or with scripts, this can be a daunting task. There are also reports that need to be created as part of the ongoing management because it is important to understand what percentage of your policies are not yet migrated – not having to maintain reports in spreadsheets can be helpful during audits or when reporting to management.
The Answer: an easy-to-use assessment and migration tool
Inconsistent policies accross on-premises and cloud resources opens you up to risk and puts you in danger of not meeting governance and compliance requirements. Most enterprises realize that they must find a way to get their policies to the cloud, but find out quickly that it is not as easy as it sounds. To help accelerate your move to the cloud, we have released a tool called Micro Focus Policy Compliance Assessor. Inconsistent policies across the hybrid enterprise bring great risk and audit complexity, so most enterprises are seeking a way to move their on-premises Group Policy controls to the cloud.
This new solution allows you to streamline the entire GPO to Intune migration process. We help you skip the labor-intensive spreadsheets and scripting and provide a more streamlined approach. Automatically assess your Group Policy Objects to determine which ones are cloud-ready. Then, migrate the supported policies directly into Microsoft Intune with one click. Leveraging PCA, you can easily re-evaluate policies as Microsoft releases periodic updates. With Micro Focus, you can drive consistency around policy in your hybrid environment that will not only make you more secure, but help you meet governance and compliance requirements.
Watch a demo video, Cloud Readiness and Migration with Micro Focus Policy Compliance Assessor.
Kick off your cloud-assessment with the free software trial of Micro Focus Policy Compliance Assessor today.