How To's
Home » How To's

How to migrate Windows 10 & 11 Group Policies to MDM CSPs? 

    Disclaimer:You can migrate group policies to CSP either manually or by using the MMAT tool. Microsoft has deprecated the use of the MMAT tool. Follow the doc to manually migrate Group Policies to MDM CSP's.

Description

With modern management capabilities available for managing Windows 10 & 11 devices, most organizations prefer using MDM solutions for managing them. While organizations are transitioning to MDM solutions, they still have legacy Group Policies applied on these devices. Microsoft now provides organizations an option to migrate their Group Policies applied to Windows 10 devices as MDM Configuration Service Provider (CSP) which can then be deployed in bulk on devices using an MDM solution. This migration requires the MDM Migration Analysis Tool (MMAT) developed by Microsoft. This tool helps in generating an XML file with a list of all the Group policies and their corresponding MDM CSPs. This XML file only contains the Group policies which have a corresponding CSP available.

Follow the steps given below to generate the XML file and migrate Windows 10 Group Policies to MDM CSPs.

Steps

  • To run MMAT, first ensure Remote Server Administration Tools (RSAT) is installed on the device. If it's not installed, download it from this link.
  • After ensuring RSAT is available on the device, run MMAT by clicking on Clone or Download button available in this link. Unzip the downloaded folder. 
  • Open PowerShell Window running as an Admin
  • Change the directory to the MMAT master folder which contains all the scripts and EXEs.
  • Execute the following commands
    • Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
    • $VerbosePreference="Continue"
    • ./Invoke-MdmMigrationAnalysisTool.ps1 -collectGPOReports -runAnalysisTool
      • (This command generates the XML file with the Group Policies available in the device where the command is executed.)

      In case you wish to generate the XML file for your Domain server use the command: ./Invoke-MdmMigrationAnalysisTool.ps1 -targetDomain <Domain name>  -collectGPOReports -runAnalysisTool

  • Running the above commands will generate an XML file titled MDMMigrationAnalysis.xml and an HTML file titled MDMMigrationAnalysis.html in the MMAT folder. The XML file will be required to complete the migration on the MDM console while the HTML file can be used to obtain details about Group Policies that don't have a corresponding CSP and hence cannot be migrated. 
  • On the MDM server, navigate to Device Mgmt -> Profiles and create a Windows profile.
  • Select Custom Configurations policies and click on the Migrate from GPO to MDM button.
  • Upload the XML file that was generated by MMAT and click on Load GPO
  • This will add all the Group Policies as configurations and link to the respective CSP documentation. These CSP documents contain details about the supported actions, data type and values which needs to be entered.
  • You can select the configurations that you want to configure and delete the ones that are not required. Verify all the OMA-URI, Actions, Data type and Value before saving the profile. Publish the profile for distribution
  • Test the profile by distributing it to a device and upon successfully testing the profile, distribute it to the required Groups