09-29-2018 02:12 PM
09-29-2018 02:12 PM
Trying to deploy Windows Defender Application Guard via Intune and running into the same issue on multiple Windows 10 Enterprise (1803) devices.
After the device syncs with Intune, I restart the devices. Application Guard is enabled, but the settings defined in the Intune policy are not applied and result in the errors in the screenshot. I looked up the error on the Intune error page, but has no description or recommended action. The Hyper-V feature is installed on all devices.
Any thoughts, ideas...?
Much appreciated. Thanks!
09-29-2018 04:01 PM
Alex, on one of the devices, check the event logs for more details: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
09-30-2018 08:50 AM - edited 09-30-2018 08:51 AM
How did you deploy the configuration policy via device configuration or with specific settings with OMA-URI's (for example like settings in device guard)?
Remediation failed error message returned by the client when the SET command on the OMA-URI’s required to configure the target setting. In your case, the OMA-URI's didn't succeed.
The remediation error code 201*** is very general therefore you can do the following actions:
09-30-2018 04:38 PM
I checked the event logs and only have errors for trying to install an older version of software that is already installed with newer version. I have no other errors.
09-30-2018 04:42 PM
I created a policy for endpoint protection from Intune and defined the settings there. Like I mentioned the devices did NOT have WDAG enabled until I deployed this policy to a group of devices. It does enable WDAG on them, but result in the failed remediation in the screenshot in the original post.
09-30-2018 11:51 PM - edited 09-30-2018 11:52 PM
If you don't have any warning or errors on debug log please check the following points:
10-01-2018 04:46 AM
Yes, running version 1803 build 17134.285. Update to 17134.320 has not pushed to these devices yet.
10-01-2018 04:48 AM
Yes, local policy is my next option to try. These are brand new Microsoft Surface devices.
10-16-2018 12:13 PM
Hello Any news would be good news. I am having exact issue but I am using Windows 10 Insider Preview 18252 - all on Microsoft SurfaceBook and Surface 5. I have noticed that if you just enable application Guard and leave all other settings not configured then I still get -2016281112 (Remediation failed)
10-18-2018 03:36 AM
Make sure to enable Audit for WDAG (with AuditApplicationGuard) and check event logs. If you can share the log it will be useful.