Forum Discussion
Enabling Tamper Protection with Tenant Attach
I am trying to determine how, if possible, to enable Tamper Protection but the various combination of current portals, features, and their preview/production status is making it difficult to follow. ...
- I don't think it means that policies are not applying. Have you tried simulating any attacks to test for the policies? Do you see any events being reported in Eventvwr or Advanced hunting for the same?
You should be able to assign a tamper protection directly against a collection enabled for cloud sync through tenant attach. Just use the relevant profile that you should be able to find under Endpoint security AV. You can continue using rest of the Defender policies through ConfigMgr.
- Thanks, I can confirm that I've been able to deploy Tamper Protection and policies in this way. Also, I've been able to enable Tamper Protection through the Microsoft 365 Defender portal. But either way, won't Tamper Protection being turned on cause my CM antimalware policies from being ignored because of how CM applies those policies?
- Rest of the Defender policies should continue to apply from ConfigMgr. Are you seeing otherwise?
- The policies do apply as shown in Get-MpPreference and Get-MPComputerStatus. I guess the way that Tamper Protection is described in that it ignores registry and group policy changes, my understanding was that ConfigMgr antimalware policies would also be ignored because of how they apply.
So just to confirm, the ConfigMgr antimalware policies should be 100% compatible and configurable when using Tamper Protection? Does it matter whether Tamper Protection is enabled through MEM via Tenant Attach, or instead through the Microsoft 365 Defender portal?
