Disabling Core Isolation Memory Integrity via Group Policy (creating a new group policy)


My organization is currently trying to set a group policy to apply to a set of devices or groups where the Core Isolation / Memory Integrity is switched off so that specific apps can run on specified devices. However, we're having a heck of a time locating this option in Azure. Could someone point me in the right direction to create this group policy in Azure?

4 Replies

@Kidd_Ip 

 

No, create one that sets Memory Integrity to "disabled" or "off" in Core Isolation. When you use the Registry Editor to do this per machine, it will either get overridden by the current Azure policy for the Group the device is in or it just will not go through at all.

 

Hope that makes sense.

So, quick update: We were able to go into the Registry and turn off the Memory Integrity in Core Isolation for Win 11, but looks like we'll have to do this manually on each machine. I was hoping to find a setting in Azure so that I could create a group policy for all the machines that we need to make the changes on and then push that policy out, but looks like my research is coming up empty.

@RossEarnheart 

 

You should not have to set the registry value manually.

 

But going back a step, are you actually talking about group policy, which is a mechanic used by Windows clients (workgroup-, domain- or hybrid-joined), or mobile device management (MDM) policy, such as that found within Intune?

Group policy is not found in Azure. MDM policy is found in Azure (via Intune).

Intune's MDM implementation can leverage Windows' group policy client through locally injecting policy data into the Windows group policy client engine.

 

Given I'm unsure as to which approach you're looking to use, here's some information on both.

 

Memory integrity can be managed natively by both group policy and MDM policy as noted below:

 

 

If you're using an MDM that isn't Intune, you'd want to look for a native setting that deals with memory integrity. Should that not exist, then you're back to the approach of deploying something like a PowerShell script as an application to perform the task. You should be able to run a search on this approach and find many examples that cover the setting of a registry key.

 

Cheers,

Lain
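
The script approach mentioned in the reply above, as an added example that is not part of the original thread or any poster's own code. It assumes the standard Windows Device Guard registry locations and the `Win32_DeviceGuard` CIM class; the `$DesiredState` parameter and the exit codes are this example's own. It refuses to write when a policy already manages the setting, which is the case where a manual registry change gets overridden.

```powershell
#Requires -RunAsAdministrator
# Added example: set the memory integrity (HVCI) state on one device, but only
# when no policy owns the setting. Registry paths are the standard Windows
# Device Guard locations, not values taken from the thread.
param(
    [ValidateSet(0, 1)]
    [int]$DesiredState = 0   # 0 = memory integrity off, 1 = on
)

$scenarioKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'

# A value under the Policies key means a policy manages memory integrity and
# will overwrite a local change at the next policy refresh.
$policy = Get-ItemProperty -Path $policyKey -Name HypervisorEnforcedCodeIntegrity -ErrorAction SilentlyContinue
if ($policy) {
    Write-Warning "Policy-managed (value $($policy.HypervisorEnforcedCodeIntegrity)); change the policy, not the device."
    exit 1
}

# Locked = 1 means the setting was enabled with a UEFI lock; a registry write
# alone does not turn it off.
$current = Get-ItemProperty -Path $scenarioKey -ErrorAction SilentlyContinue
if ($DesiredState -eq 0 -and $current.Locked -eq 1) {
    Write-Warning 'Memory integrity is UEFI-locked; it cannot be disabled from the registry alone.'
    exit 2
}

if (-not (Test-Path $scenarioKey)) {
    New-Item -Path $scenarioKey -Force | Out-Null
}
New-ItemProperty -Path $scenarioKey -Name Enabled -Value $DesiredState -PropertyType DWord -Force | Out-Null

# Report what is actually running now; the configured value takes effect after a reboot.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$runningNow = $dg.SecurityServicesRunning -contains 2   # 2 = hypervisor-enforced code integrity

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    ConfiguredTo   = $DesiredState
    RunningNow     = $runningNow
    RebootRequired = ($runningNow -ne [bool]$DesiredState)
}
exit 0
```

Exit code 1 or 2 lets the deployment tool report devices where the change was skipped, so they can be fixed at the policy or firmware level instead.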