Event details
Explore the ins and outs of two security features enabled by default in Windows 11, version 22H2: Windows Defender Credential Guard and LSA protection. Explore the criteria for enablement, security b...
Heather_Poulsen
Updated Dec 27, 2024
matthewrhodes
Oct 24, 2022 · Brass Contributor
Our organization is trying to transition from ConfigManager/SCCM to Intune. We are currently using Hybrid with a large (many domain) ADFS AAD setup. We currently harden via GPO on each domain. My goal is to be able to deploy policy via Intune instead of domain GPO, but it seems Intune is still in Preview and lacking policy support in MDM. As an example, CIS is our organization's security standard; 70-90 policies are not supported in Intune MDM when importing a CIS benchmark. Word is you can set up OMA-URI custom, manual settings. Is there a way to confirm the accuracy of these strings? Is Intune still being expanded for MDM to cover all of the unsupported/missing policies? Thanks!
UniverseCitiz3n
Oct 24, 2022 · Copper Contributor
I've heard from the Customer Success Team that we can provide a list of settings from GPO that are not yet supported via MDM and it should be covered in some unknown future.
On the other hand, when I raised a support ticket I ended up with a recommendation to deploy a PowerShell script that will implement the part of CIS which had an issue.
The last thing is reporting of CIS implementation on the endpoint. In the GPO recommendation document there are reg keys for policies from GPO, and Intune MDM caches settings in the PolicyManager key, so if there is an automated/semi-automated audit that checks for reg keys based on the GPO doc you will probably fail.
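
The audit gap described in the comment above, as an added example that is not part of the original thread: a check that looks for a setting both at its GPO registry location and under the PolicyManager key, and reports which channel satisfied it. The function names, the check id and the single mapping entry (a Defender real-time protection pair) are assumptions for illustration; confirm every pair against your benchmark document and the Policy CSP documentation before relying on it.

```powershell
# Added example. The mapping entry below is an assumption for illustration;
# confirm each pair against your benchmark and the Policy CSP documentation.
$PolicyManagerRoot = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

function Test-HardeningSetting {
    param([hashtable]$Check)
    $gpo = Get-RegValue -Path $Check.GpoPath -Name $Check.GpoName
    $mdm = Get-RegValue -Path (Join-Path $PolicyManagerRoot $Check.MdmArea) -Name $Check.MdmName

    # The two channels can encode the same intent with different names and
    # values, so each location is compared with its own expected value.
    $gpoOk = ($null -ne $gpo) -and ($gpo -eq $Check.GpoExpected)
    $mdmOk = ($null -ne $mdm) -and ($mdm -eq $Check.MdmExpected)

    [pscustomobject]@{
        Id        = $Check.Id
        GpoValue  = $gpo
        MdmValue  = $mdm
        Source    = if ($gpoOk) { 'GPO' } elseif ($mdmOk) { 'MDM' } else { 'none' }
        Compliant = $gpoOk -or $mdmOk
    }
}

$checks = @(
    @{
        Id          = 'EXAMPLE-1 real-time protection on'   # constructed id
        GpoPath     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
        GpoName     = 'DisableRealtimeMonitoring'; GpoExpected = 0
        MdmArea     = 'Defender'
        MdmName     = 'AllowRealtimeMonitoring';   MdmExpected = 1
    }
)

$checks | ForEach-Object { Test-HardeningSetting -Check $_ } | Format-Table -AutoSize
```

A row with `Source` of `none` and both value columns empty means the setting was not found at either location, which is different from a value that is present but wrong.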