Event details
Hello. Excellent presentation. When we used ASR Device Control policy, the deployment was fine. When removing the policy from a device by excluding it, the removal worked fine; however, we needed to manually fix the registry to fully remove the policy settings, as the removal by Intune ASR succeeded but there were left-over configs in the local computers' registry that still blocked USB storage or printing access. This was unexpected, as the policy was no longer applied (as verified by the Intune console). The policy was to disable access to local USB Storage on select computers. It looks like exclusion in ASR worked and was applied, but we needed to manually clear the registry settings, which was painful... Deploying an ASR policy with opposite configs worked, but was not as successful as the manual registry "clean up". Thoughts? Thank you.
We have seen this happen with a lot of Intune policies - you revoke the policy or exclude from it and the settings have tattooed. Would be great if there could be a perm fix for this. Group policy did tattoo a few things but not to this extent. It's logged in the Feedback portal here: https://feedbackportal.microsoft.com/feedback/idea/c636d31c-e398-ee11-a81c-0022484f9f6d