ITSM Infrastructure Practice Lead
Group Policy is a centralised way to manage user and system permissions on a variety of devices. The network administrator controls and applies configurations, without disruption to the user or having to physically manage each device separately.
How does it work?
Group Policy (GPO) is applied to groups of computers or users using a central console provided by Windows Server. Depending on the nature of the policy, user or machine, the policy would be applied in the background or upon start-up/login.
In order for Group Policy to reach your device, it needs to be connected to the local area network and in an Active Directory environment. This is different for something like Intune, which is cloud-based and focussed on devices that don't connect to the traditional network regularly.
When would you use it?
Some examples of GPO usage would be centralised drive mapping controls, software installations, printer configurations, and password policy application. Depending on the nature of the policy, user or machine, the policy would be applied in the background or upon start-up or logon.
What about devices that are used away from the office?
This would mean that if you take your device offsite (e.g. in a working remotely scenario), it won't have policy modifications applied until it returns to the local network.
When would you want to use Intune or GPO?
Intune has its foundations in mobile device management, therefore the configuration options are mobility considerations. Read more about Microsoft Intune Mobile Device Management.
It isn’t always clear whether GPO or Intune is the best choice, and it varies between business to business. We’ve found that a roundtable discussion is a great way of discovering what’s going to suit your environment best.
Microsoft Intune vs GPO: What's best for your business?