As an update to the "Microsoft Defender Antivirus" policies that never apply from Endpoint security, I created all the same settings via the Settings Catalog.
Of all the Defender settings in the Settings Catalog (filter of OS Edition == Enterprise multi-session), the only ones that actually apply are CloudBlockLevel and CloudExtendedTimeout (as seen from Get-MpPreference). They all say "Success" in Intune, but the actual device settings tell a different story. Back to setting these via PowerShell scripts instead, but I hope someone from Microsoft can weigh in.
Steps to test:
1) Create a Device configuration profile with Settings Catalog for Defender settings.
2) Deploy new AVD instance that is Azure AD Joined + Intune with Windows 10 Enterprise Multi-Session 21H2 (no Office 365 apps).
3) Add device to a group that is in scope of the policy created in Step 1 (device is in scope of no other policies)
4) Push a sync via Intune / reboot the device / wait a day.
5) Compare before and after settings via Get-MpPreference
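
One way to do the comparison in step 5, as an added example that is not the poster's script: snapshot `Get-MpPreference` to JSON before the policy is assigned and again after the sync, then list only the settings whose values changed. The function names `Save-MpSnapshot` and `Compare-MpSnapshot` and the file paths are hypothetical.

```powershell
# Added example: function names and file paths are assumptions, not from the post.
# Run in an elevated PowerShell session on the AVD session host.

function Save-MpSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Get-MpPreference returns a CIM instance; copy each setting into an ordered map
    $prefs = Get-MpPreference
    $snapshot = [ordered]@{}
    foreach ($p in ($prefs.CimInstanceProperties | Sort-Object Name)) {
        $snapshot[$p.Name] = $p.Value
    }
    $snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-MpSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    $b = Get-Content -Raw -Path $Before | ConvertFrom-Json
    $a = Get-Content -Raw -Path $After  | ConvertFrom-Json
    $names = @($b.PSObject.Properties.Name) + @($a.PSObject.Properties.Name) |
        Sort-Object -Unique
    foreach ($n in $names) {
        # Serialize both sides so arrays (e.g. exclusion lists) and nulls compare by value
        $bv = ConvertTo-Json -InputObject $b.$n -Compress -Depth 4
        $av = ConvertTo-Json -InputObject $a.$n -Compress -Depth 4
        if ($bv -ne $av) {
            [pscustomobject]@{ Setting = $n; Before = $bv; After = $av }
        }
    }
}

# Before the device is added to the policy group (step 3):
#   Save-MpSnapshot -Path C:\Temp\mp-before.json
# After the sync / reboot / wait (step 4):
#   Save-MpSnapshot -Path C:\Temp\mp-after.json
#   Compare-MpSnapshot -Before C:\Temp\mp-before.json -After C:\Temp\mp-after.json |
#       Format-Table -AutoSize
```

An empty result means no Defender preference changed on the device, regardless of the status Intune reports for the profile.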