Forum Discussion
ASRs via Intune not working (only on Windows 11 Clients)
We have been using some ASR rules in our company for a longer period of time. We have set these up via Intune.
Since we have been using Windows 11, we have had some problems with a few ASR rules.
One example:
Block all Office applications from creating child processes does not work under Windows 11.
Now I have seen under the Security Recommendations that Intune is probably only possible for Windows 10.
Has anyone had similar experiences? And do I now have to completely rebuild my policies?
I would be very grateful for any input.
- Jordi_Koenderink (Brass Contributor)
That's just a UI thing. The ASR you mentioned is supported on W11: https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#asr-rules-supported-operating-systems
- david0K (Copper Contributor)
Hi Jordi_Koenderink, the problem is that even when I hunt for the ASRs in MS Defender, it shows that the setting Block all Office applications from creating child processes is off (there are 2 more settings). But according to our settings, this should not be the case. It also works on the Windows 10 devices, as set.
- Jordi_Koenderink (Brass Contributor)
Not sure what you're saying here. The ASR is showing as Off in the Advanced Hunting tab but you set it to On regardless? If so, what does your query look like?