Defender of Endpoint on Comanaged Laptop
Hi, it’s happening because Device Control isn’t supported on devices managed only by Defender (without Intune). In your co-managed scenario, you may see intermittent behavior due to policy sync delays or conflicts between Intune, SCCM, and any GPOs.
Suggestions:
- Make sure the Endpoint Protection workload is truly moved to Intune
- Force policy sync from both Intune and the client
- Check security/Device Control logs for conflicts
- Reboot after policy application
As for replacing “Access Denied” with a custom message, Windows doesn’t provide a built-in way to override that system error text.
- Sochito, Mar 08, 2025, Brass Contributor
Thank you Michelariis, now the device is managed by Intune but the behaviour is still the same.
Endpoint Protection, device management workloads are moved to Intune for a pilot collection and the machines are members of that collection.
Policy was forced several times; behaviour is still the same.
Please share the location of the Device Control logs.