A common request from information security teams is the ability to block mass storage devices. As every security defender knows, you cannot draw a hard line and block EVERY USB mass storage device. E...
Updated Jun 08, 2022
Version 2.0
Blog Post
Good day to all,
We tried to implement this feature on our Intune, but the XML file with the rule doesn't apply correctly.
We are getting the following error: Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request.
The error that we have in Event Viewer:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (678F479F-1B59-4A51-B7E0-DD94C793CD1C), Enrollment Name: (MDMFull), Provider Name: (Defender), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyRules/{c544a991-5786-4402-949e-a032cb790d0e}/RuleData), Result: (The parameter is incorrect.).
Has anybody experienced this?
UPD:
I've found the issue.
1 - Deny type should have 0 or 4 Option. I used 1. so I changed it to 0.
2 - AuditDenied has to work together with Deny entry. I used only Deny entry. So I had to add the AuditDenied entry too.
Hope it will help those who have the same issue.