Forum Discussion
Tamper Protection - Cloud Attach - Windows Server
Hello Microsoft Techcommunity,
We are currently trying to manage Defender for Endpoint using Intune and Cloud Attach. The antivirus settings seem to be ok, we can enable/disable them using Intune policy (ConfigMgr).
But unfortunately, we cannot disable Tamper Protection using Intune policy (ConfigMgr). All settings are stuck with "This setting is managed by your administrator". Even when we remove the device collection from all policies and create only one policy that should disable the Tamper Protection.
We do not have GPO/it enabled on the MDE portal. The PowerShell shows that the TamperProtection is disabled (False).
We are doing the test with Windows Server 2019.
Can anybody explain to me how the tamper protection should work on servers?
1 Reply
- For those who will be experiencing this later.
Answer from Microsoft - this is by design (expected behavior).
It works in such a way for Tamper protection and GUI. If you close access to GUI, you cannot re-open it via policy. The same with Tamper protection.
This can be solved only by changing the registry key.
