Disabling Core Isolation Memory Integrity via Group Policy (creating a new group policy)

RossEarnheart 

You should not have to set the registry value manually.

But going back a step, are you actually talking about group policy - which is a mechanic used by Windows clients (workgroup-, domain- or hybrid-joined) or mobile device management (MDM) policy, such as that found within InTune?

Group policy is not found in Azure. MDM policy is found in Azure (via InTune).

InTune's MDM implementation can leverage Windows' group policy client through locally injecting policy data into the Windows group policy client engine.

Given I'm unsure as to which approach you're looking to use, here's some information on both.

Memory integrity can be managed natively by both group policy and MDM policy as noted below:

• Group policy: Enable memory integrity - Windows Security | Microsoft Learn
• InTune policy: Enable memory integrity - Windows Security | Microsoft Learn
  • VirtualizationBasedTechnology Policy CSP - Windows Client Management | Microsoft Learn

If you're using an MDM that isn't InTune, you'd want to look for a native setting that deals with memory integrity. Should that not exist, then you're back to the approach of deploying something like a PowerShell script as an application to perform the task. You should be able to run a search on this approach and find many examples that cover the setting of a registry key.

Cheers,

Lain