Replacing Complex GPO Item-Level Targeting with Intune

Hi All,

I’m looking for some advice on the best way to handle this scenario.

We’re running a hybrid environment and currently have a GPO that creates 1,000+ registry entries across 150+ user groups using item-level targeting with security groups.

Now we need to move this over to Intune, and that’s where things get tricky. Intune doesn’t really offer the same item-level targeting flexibility as GPO. So far, the only workable option seems to be creating 150+ platform scripts or Proactive Remediation scripts, which obviously isn’t ideal from a management perspective.

I’m thinking it might be much easier long-term to create one large PowerShell script that checks the logged-in user’s group membership and then applies the appropriate registry settings dynamically.

Has anyone dealt with something similar? Is there a cleaner or more scalable approach in Intune?

Thanks in advance!

Dilan