Oct 20 2023 01:57 PM
My organization is currently trying to set a group policy to apply to a set of devices or groups where the Core Isolation / Memory Integrity is switched off so that specific apps can run on specified devices. However, we're having a heck of a time locating this option in Azure. Could someone point me in the right direction to create this group policy in Azure?
Oct 22 2023 07:58 PM
Oct 23 2023 06:02 AM
No, create one that sets Memory Integrity to "disabled" or "off" in Core Isolation. When you use the Registry Editor to do this per machine, it will either get overridden by the current Azure policy for the Group the device is in or it just will not go through at all.
Hope that makes sense.
Oct 29 2023 10:40 AM
Oct 29 2023 06:43 PM
You should not have to set the registry value manually.
But going back a step, are you actually talking about group policy, which is a mechanic used by Windows clients (workgroup-, domain- or hybrid-joined), or mobile device management (MDM) policy, such as that found within Intune?
Group policy is not found in Azure. MDM policy is found in Azure (via Intune).
Intune's MDM implementation can leverage Windows' group policy client through locally injecting policy data into the Windows group policy client engine.
Given I'm unsure as to which approach you're looking to use, here's some information on both.
Memory integrity can be managed natively by both group policy and MDM policy as noted below:
If you're using an MDM that isn't Intune, you'd want to look for a native setting that deals with memory integrity. Should that not exist, then you're back to the approach of deploying something like a PowerShell script as an application to perform the task. You should be able to run a search on this approach and find many examples that cover the setting of a registry key.
Cheers,
Lain
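
Added example, not part of the thread: a read-only PowerShell check that shows, on one device, whether memory integrity (HVCI) is set by policy or by a local registry value, and whether it is actually running. The registry paths and the `Win32_DeviceGuard` class are not quoted in the thread; they are the standard Windows locations, and the policy key read here is the group policy location (an assumption: an MDM may record its setting elsewhere as well).

```powershell
# Added example: report the configured and effective memory integrity (HVCI) state.
# Read-only; it changes nothing on the device.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Group policy location ("Turn On Virtualization Based Security").
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
# Local setting, the one the Windows Security app toggle writes.
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

$policyHvci = Get-RegValue -Path $policyKey -Name 'HypervisorEnforcedCodeIntegrity'
$localHvci  = Get-RegValue -Path $localKey  -Name 'Enabled'

# Policy values: 0 = disabled, 1 = enabled with UEFI lock, 2 = enabled without lock.
$policyText = switch ($policyHvci) {
    $null   { 'not set by policy' }
    0       { 'disabled by policy' }
    1       { 'enabled by policy (UEFI lock)' }
    2       { 'enabled by policy (no lock)' }
    default { "other value: $policyHvci" }
}
$localText = if ($null -eq $localHvci) { 'not set' }
             elseif ($localHvci -eq 0) { 'disabled' } else { 'enabled' }

# Effective state as reported by the OS. In the service arrays, 2 means HVCI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    PolicySetting   = $policyText
    LocalSetting    = $localText
    HvciConfigured  = ($dg.SecurityServicesConfigured -contains 2)
    HvciRunning     = ($dg.SecurityServicesRunning -contains 2)
    # 0 = VBS not enabled, 1 = enabled but not running, 2 = running
    VbsStatus       = $dg.VirtualizationBasedSecurityStatus
}
```

A device where `LocalSetting` says disabled but `HvciRunning` is still true after a reboot is one where something other than the local value is deciding the outcome, which is the situation described in the second post.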