Forum Discussion
Device control with Defender for Endpoint
Dear all, I need some help on an issue I have been experiencing with my device control policy recently. This policy was configured under attack surface reduction rules in Intune and has been wor...
To troubleshoot this:
- Examine the Intune management logs on both working and non-working machines to compare policy application
- Use the Event Viewer (Microsoft-Windows-DeviceGuard-UserMode/Operational) to check for device control events and policy rejections
- Try creating a test policy that uses multiple identification methods for the same device (Serial Number, Product ID, Vendor ID)
- Verify that all machines are on the same Windows build and have consistent Microsoft Defender versions