Change Manager for Group Policy and Intune

Configuration change control for Group Policy and Intune: Governance, security, and operational scale

Change Manager for Group Policy/Intune delivers modern configuration governance for Intune profiles and Group Policy from a single interface. A web platform provides role-based change control for Intune profiles, GPOs, and AD containers, with roles for editors, approvers, and deployers. Scheduled deployments ensure smooth change implementation. Proactive real-time monitoring for GPO tampering and malicious attacks ensures fast detection of suspicious activity and enhances Active Directory security.

Whether you are seeking change control for your configuration management environment or getting ready to migrate from the retiring Advanced Group Policy Management (AGPM) tool, Change Manager for Group Policy and Intune will help you to:

  • Ensure business continuity by preventing misconfigurations from becoming incidents and reducing the risk of operational disruption.
  • Reinforce security with proactive policy tampering detection, strict change control, and object delegation that reduces the risk of policy changes being maliciously exploited.
  • Recover quickly with rollback and restore capabilities that limit the impact of risky changes.
  • Scale operations with streamlined workflows and safe delegation so teams can move faster without sacrificing governance.

If you are interested in Change Manager for Group Policy and Intune, do you also…

  • Need to confirm that approved changes keep your environment compliant with HIPAA, SOX, GLBA, PCI DSS? Group Policy Compliance Manager
  • Need a clear audit trail behind every policy change? Group Policy Auditing & Attestation
  • Need better visibility into your current policy environment before making changes? GP Reporting Pak
  • Need to move policies across Group Policy and Intune with less effort and risk? GPO Migrator
  • Need to reduce manual work in day-to-day policy administration? Group Policy Automation Engine

Microsoft AGPM reached its End of Life on April 14, 2026

Switch to Change Manager to stay compliant and ensure structured role-based change control

  • Web-based change control of Intune Configuration Profiles, GPO, and container (site, domain, OU) changes 
  • Unified dashboard with a bird’s-eye view of all GPOs, containers, and Intune profiles, with status captured
  • Ability to delegate editors, approvers, and optionally, deployers, at the GPO, container, and profile level
  • Virtual “Admin containers” allow for grouping of associated GPOs, containers, and profiles for delegation
  • Ability to quickly compare differences across versions and search for settings across GPOs or Intune profiles
  • Restore deleted GPOs
  • Proactive monitoring and alerting on out-of-band GPO changes, including malicious tampering and stealthy attacks that attempt to inject changes directly into the SYSVOL part of a GPO
  • 22 in-the-box reports across GPO, Containers, and Intune
  • Approval-based workflow with immediate or scheduled deployment
  • Role-based access control of product administration
  • Ability to restrict editing of GPO policy areas to specific users and groups
  • Ability to enforce GPO naming standards
  • Single sign-on (SSO) and delegation using Entra ID users and groups
  • “Break Glass” role for emergency changes
  • PowerShell module for automation of most Change Manager tasks
  • Email & MS Teams alerting on changes, approvals, and deployments
  • History of changes for each object
  • High-Availability (HA) deployment support

System requirements

  • Operating Systems Supported for Installation: Microsoft® Windows® Server 2016, 2019, 2022 & 2025
  • Memory: Recommended 1GB free RAM
  • Hard Disk: Minimum 100MB free disk space
  • SQL Server 2017+, Azure SQL or LocalDB for evaluation installations
  • Microsoft .NET Framework 4.7.2+, Microsoft GPMC and Microsoft Windows PowerShell 5.x for PowerShell module
  • Chrome or Edge client browsers supported

 

  • Product is licensed on an annual subscription basis, based on the number of active computer accounts in all domains/tenants under management. Contact sales@sdmsoftware.com to get a quote.

 

FAQ

What is Change Manager for Group Policy/Intune, and how does it help with GPO management?

Change Manager for Group Policy/Intune is a web-based configuration change control platform for Group Policy and Intune profiles. It centralizes GPO management with role-based delegation, version history, scheduled deployments, fast rollback, and automatic detection of out-of-band changes so teams can govern policies at scale.

Is Change Manager for Group Policy/Intune an AGPM alternative?

Yes. Change Manager for Group Policy/Intune is a practical AGPM alternative for teams that need modern change control and governance. It supports the same core workflows many expect from Advanced Group Policy Management while extending support to Intune profiles and adding features such as scheduled deployments, out-of-band change detection, and richer role models.

How does Change Manager for Group Policy/Intune address AGPM retirement and migration planning?

Change Manager for Group Policy/Intune provides migration-friendly capabilities for organizations preparing for AGPM retirement. The product lets you export and compare GPO backups, preserve version history, and run staged or scheduled deployments to minimize risk during the transition.

What configuration change control features does Change Manager for Group Policy/Intune provide?

Change Manager for Group Policy/Intune delivers approval-based change control, GPO version comparison, export of checked-out objects, recycle bin restore, and fine-grained control over security filtering, WMI filters, and container linking. These configuration change control features reduce policy drift and help prevent misconfigurations from becoming incidents.

Can Change Manager for Group Policy/Intune handle both on-premises Group Policy and Intune profile management?

Yes. Change Manager for Group Policy/Intune provides unified management for GPOs, AD containers, and Intune Configuration Profiles in a single web-based dashboard. That unified approach simplifies hybrid GPO management, enables consistent policy governance across environments, and reduces operational friction for administrators.

Does Change Manager for Group Policy/Intune detect malicious activity in Group Policy and help recover from security incidents?

Change Manager for Group Policy/Intune proactively monitors for GPO tampering and malicious attacks and alerts on them in real time. This includes the ability to detect stealthy attacks that attempt to inject changes directly into the SYSVOL part of a GPO. It also enables faster recovery by providing a global role for restoring modified or deleted GPOs.