Forum Discussion

Summa040's avatar
Summa040
Brass Contributor
Jul 13, 2023

Unable to disable Credential Guard using Intune

Hi There. We need to disable Credential Guard for our devices but when we configure this do be disabled using Intune, it stays enabled. All devices are Intune managed, no local AD and thus also no ...
Intune
mobile device management (mdm)
rahuljindal's avatar
rahuljindal
Bronze Contributor
Jul 13, 2023
Have you looked at the MDM diagnostic log for clues?
  • Summa040's avatar
    Summa040
    Brass Contributor
    Oct 27, 2023
    Hi guys. Excuse me for the late reply...
    Using the baseline also does not disable credential guard and nothing relevant is found in the MDM logs.

    The only way we are able to disable credential guard on a test device is by manually changing the LsaCfgFlags to 0 from the registry in the path HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and then rebooting the device.

    But to us that is some kind of workaround that we dont want to implement. We want to make use of the tools MS is providing us from here: https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=intune#disable-credential-guard-with-intune

    We thought it might be UEFI lock, so to be sure we also removed any possible UEFI lock as described here https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=intune#disable-credential-guard-with-uefi-lock

    Any more ideas anyone?
    • giti_j's avatar
      giti_j
      Copper Contributor
      Mar 22, 2024

      Summa040 Have you found solution for this other than registry method?

Resources