Microsoft
Andres Pae Occasional Contributor
<u+200e>Oct 14 2022 07:17 AM
@lforbes - i dont believe all GPO (specifically Preferences) will be ever supported. Have look at https://www.youtube.com/watch?v=_dz1ERLa3Mk - this explains the last years developments in this field.nbsp; P
So as a Group Policy/NT Policy administrator since 1995 and a website designer and coder (blazor), the fact that these Microsoft Developers haven't got the skillset to figure out how to set registry keys is kind of shocking to me?
The policies Configuration Manager does set are Local Policies which again is completely unsecure because and anyone who gets admin privileges can just REMOVE the local policies manually and use the computer for days unprotected. With Advanced Group Policies they cannot be removed manually and we can re-apply them enforced every 5-15 minutes. We actually have some computers that were staged in Intune Incorrectly as Kiosks and I just run the local policy in mmc and remove the local policy and it lasts about 24-48 hours unrestricted.
The majority of corporate business is not going to drop 90% of their security and configurations for the few benefits of a cloud solution.
We have Configuration Management. All 86,000 computers I manage are in Intune and co-managed. However, we cannot use Configuration Manager because it is missing about 90% of the security and all of the 3rd party software registry settings.
