Attack Surface Reduction - Problem Enforcement

Hello Community, for a customer i deploy Microsoft Defender for Endpoint with Security Management Features of MDE.

All works fine but for "Attack Surface Reduction Rule" i have some problem, device are 1.8K and attack surface reduction only apply for 304 devices that have the same policy of other.

But from Security Portal

So i don't understand because in some device asr works correctly and in the other device not.

Has anyone the same problem ?

Regards,

Guido

microsoft defender for endpoint

GuidoImpe
Jun 13, 2025
Hello, yes all requirements are respected.
So my solution is to delete and recreate policy and all works fine 😁

3 Replies

Pouya
MCT
Jun 12, 2025
Hi Gudio,
I am not sure about the type of devices and conditions of those devices for all with the same policy on the Intune... You may check the below URL if all of those devices meet the conditions and requirements for EDR in block mode:
Endpoint detection and response in block mode - Microsoft Defender for Endpoint | Microsoft Learn
- GuidoImpe
  Brass Contributor
  Jun 13, 2025
  Hello, yes all requirements are respected.
  So my solution is to delete and recreate policy and all works fine 😁
  - Pouya
    MCT
    Jun 17, 2025
    Ok, great that has been fixed now.

Forum Discussion

Attack Surface Reduction - Problem Enforcement

3 Replies

Resources