Replacing Complex GPO Item-Level Targeting with Intune
Hi All,
I’m looking for some advice on the best way to handle this scenario.
We’re running a hybrid environment and currently have a GPO that creates 1,000+ registry entries across 150+ user groups using item-level targeting with security groups.
Now we need to move this over to Intune, and that’s where things get tricky. Intune doesn’t really offer the same item-level targeting flexibility as GPO. So far, the only workable option seems to be creating 150+ platform scripts or Proactive Remediation scripts, which obviously isn’t ideal from a management perspective.
I’m thinking it might be much easier long-term to create one large PowerShell script that checks the logged-in user’s group membership and then applies the appropriate registry settings dynamically.
Has anyone dealt with something similar? Is there a cleaner or more scalable approach in Intune?
Thanks in advance!
Dilan
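One way to structure the single script the question describes (an added example, not code from either poster): the rules live in one table keyed by group SID, and membership is read from the user's logon token. The SIDs, registry paths and values are constructed placeholders, and the example assumes the script runs in the logged-on user's context and that the targeted groups appear in that token.

```powershell
# Added example: one data-driven script in place of per-group scripts.
# Every SID, path and value below is a constructed placeholder.
$Rules = @(
    [pscustomobject]@{ GroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
        Path = 'HKCU:\Software\Contoso\AppA'; Name = 'ServerUrl'
        Type = 'String'; Value = 'https://appa.example.invalid' }
    [pscustomobject]@{ GroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1106'
        Path = 'HKCU:\Software\Contoso\AppA'; Name = 'EnableBeta'
        Type = 'DWord'; Value = 1 }
    [pscustomobject]@{ GroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1107'
        Path = 'HKCU:\Software\Contoso\AppB'; Name = 'Region'
        Type = 'String'; Value = 'EMEA' }
)

function Get-ApplicableRule {
    param([object[]]$Rules, [string[]]$UserGroupSids)
    # Keep only the rules whose target group is in the user's token.
    $Rules | Where-Object { $UserGroupSids -contains $_.GroupSid }
}

function Set-RuleValue {
    param([Parameter(Mandatory)] $Rule)
    # Basic guard: a rule may only write under the user's Software key.
    if ($Rule.Path -notlike 'HKCU:\Software\*') {
        throw "Refusing path outside HKCU:\Software: $($Rule.Path)"
    }
    if (-not (Test-Path -LiteralPath $Rule.Path)) {
        New-Item -Path $Rule.Path -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $Rule.Path -Name $Rule.Name `
        -PropertyType $Rule.Type -Value $Rule.Value -Force | Out-Null
}

# Compare by SID rather than by name, so renamed groups still match.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$userSids = @($identity.Groups | ForEach-Object { $_.Value })

foreach ($rule in Get-ApplicableRule -Rules $Rules -UserGroupSids $userSids) {
    try {
        Set-RuleValue -Rule $rule
        Write-Output "Applied $($rule.Path)\$($rule.Name)"
    }
    catch {
        Write-Warning "Failed $($rule.Path)\$($rule.Name): $_"
    }
}
```

Group membership in the token is fixed at sign-in, so a user added to a group picks up the matching rules only after the next logon.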
1 Reply
- Bogdan_Guinea (Steel Contributor)
Hi,
I think you might be overthinking this situation a bit, but it’s also difficult to fully understand your point since I don’t know how many users/devices you’re managing in your company.
What I did in an environment with around 1,500 hybrid users/devices was to rethink the design — everything that could be managed natively in Intune was delivered natively.
So, from my point of view, I’d start by sanitizing your setup, checking ADMX ingestions for your specific use cases, and you might end up with only about 75 scripts to deploy.
Good luck!