Hello, I have a very bizarre issue that we are struggling to find a resolution to and hope somebody can help.

We have two business units running on separate domains. One of these units has been on Defender for Endpoint for over 2 years with no issue, policies are pushed via GPO.

We have recently moved the other business unit over, while applying the same policies but via intune.

When users in the recently migrated domain are connected to the corporate network (direct or VPN) we have massive delays (minutes) in printing when device control is enabled. As soon as we disable it, it works straight away, if we disconnect from VPN it works straight away or if we are connected to the corporate network but change DNS to Google or Cloudflare public DNS, again it works straight away.

So it appears that something on our internal DNS are causing issues with whatever device control does under the hood when a print is tried.

Is there anyway somebody could try to provide some help to get this issue resolved please?