Hi RELL,
Transitioning to Microsoft Intune almost always requires a hybrid approach initially. Operating in a Hybrid Entra ID Joined state allows your devices to receive traditional on-premises Group Policy Objects alongside modern Intune Mobile Device Management policies. This coexistence is standard practice, allowing you to maintain user productivity while methodically shifting legacy configurations to the cloud without breaking existing infrastructure.
To bridge the gap efficiently, utilize the Group Policy Analytics tool within the Intune admin center. By exporting your current GPOs from your domain controllers as XML files and importing them into this engine, you can immediately identify which legacy settings map directly to modern cloud configurations. This dramatically reduces the manual work of recreating policies and helps steadily phase out your reliance on the local Active Directory Sysvol directory.
During this overlap period, policy conflicts are inevitable, and by default, local GPOs will win against Intune settings. To prioritize your new cloud setup, deploy a custom Intune profile utilizing the Policy Configuration Service Provider to set the ControlPolicyConflict/MDMWinsOverGP node to an enabled state. When this policy syncs to the endpoint, it alters the local device registry at HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\ControlPolicyConflict, instructing the Windows operating system to block the conflicting GPO and enforce the Intune configuration. This mechanism provides a clean, predictable transition path toward full modern endpoint management.
Hope this answer brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.
VP
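A read-only check an administrator can run on an endpoint after an Intune sync to confirm the state described in the answer above. This is an added example, not part of the original answer or Microsoft's own tooling. The function name `Get-MdmWinsOverGpState` is hypothetical, and the script assumes the registry value under the quoted key is named `MDMWinsOverGP`, matching the CSP node.

```powershell
# Added example: reports hybrid join state and the MDMWinsOverGP registry value.
# Read-only; makes no changes to the device.
function Get-MdmWinsOverGpState {
    [CmdletBinding()]
    param(
        # Registry key quoted in the answer above.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\ControlPolicyConflict'
    )

    # dsregcmd /status prints lines such as "AzureAdJoined : YES".
    $join = @{}
    foreach ($line in (& dsregcmd.exe /status 2>$null)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $join[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }

    # A missing key or value means the policy has not reached this device yet.
    # Value name is an assumption: it is taken to match the CSP node name.
    $value = $null
    if (Test-Path -LiteralPath $Path) {
        $value = (Get-ItemProperty -LiteralPath $Path -Name 'MDMWinsOverGP' `
                  -ErrorAction SilentlyContinue).MDMWinsOverGP
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        AzureAdJoined = [bool]$join['AzureAdJoined']
        DomainJoined  = [bool]$join['DomainJoined']
        # Hybrid join means both the cloud and on-premises joins are present.
        HybridJoined  = [bool]($join['AzureAdJoined'] -and $join['DomainJoined'])
        MDMWinsOverGP = $value
        Status        = if ($null -eq $value) { 'NotConfigured' }
                        elseif ($value -eq 1) { 'MdmWins' }
                        else { 'GpWins' }
    }
}

Get-MdmWinsOverGpState | Format-List
```

A `Status` of `MdmWins` only covers settings delivered through the Policy CSP; GPO settings that have no Policy CSP equivalent still apply and need to be migrated or retired separately.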