This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 68%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Hello there,
I have to move one policy to Intune which is currently configured in GPO. If I enable MDM Wins over GP, I believe other settings configured in GPO will be still be applied on the systems. Is it mandatory to remove the configuration from GPO before I apply it from Intune?
Thank you,
Nikhil
MDMWinsOverGpo policy CSP does not support Defender and Windows Update CSP. If the setting you want to move doesn’t fall under the above listed CSP, then you can leave the GPO on. If not, the. you will need to remove the assignment for the said setting in GPO.
Thank you for the response Rahul. How about moving the defender exclusions (file extensions, folder path etc) from GPO to Intune?
I have numerous policies from GPO and only defender exclusions to be shifted to Intune as the defender load is moving from Configuration Manager to Intune/Defender For Endpoint. All the remaining policies should get applied from GPO.
Thank you
Nikhil
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Nikhil Sasikumar, Thanks for the reply. It seems the Defender exclusions deployed via ./Device/Vendor/MSFT/Policy/Config/Defender/ExcludedExtensions
./Device/Vendor/MSFT/Policy/Config/Defender/ExcludedPaths
You can analyze your on-premises GPOs using Group Policy analytics to double confirm.
Then you can configure these policies in Intune and make sure they are applied successfully.
As Defender related GPO always win over Intune. Then we need to remove the Defender GPO policies to make sure the Defender policy in Intune can take effect on the devices.
@Nikhil Sasikumar, Agree with Rahul, MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.
If the same setting is configured in both GPO and Intune, it could lead to unpredictable behavior. To ensure a smooth transition, you might want to:
This approach helps in avoiding conflicts and ensures that the intended policies are applied consistently across your devices.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.