I am doing a trial of Windows Defender Application Guard and have been unable to apply it to my test device. I'm unable to determine why and would like some advice on troubleshooting.
I have an M365 Premium Business license, which includes Defender for Business.
I also have E5 licenses (trial) and Defender for Endpoint P2 (trial) licenses applied.
I believe I have access to this feature, and I am able to create the policy that configures it.
Through Intune, under Endpoint Security -> Attack Surface Reduction, I have created a policy.
- Applicable to Windows 10 or greater
- Profile type is App and Browser Isolation
- Assigned to a test device group which includes my test computer.
The policy has been in place for a week or so. On the overview blade of the policy, there is a section listing "Profile assignment status - platform supported devices". 100% of the devices (which just includes my test device) show as "not applicable". The device status section within the monitoring for this policy includes my test device on the list, and simply lists the assignment status as "not applicable".
The test device is a laptop computer:
- Running Windows 11 Business 22H2 (22621.1105).
- Joined to AAD and managed with Intune.
- It's worthy of note that I'm able to configure and apply other Defender features like SmartScreen for Edge and they work as expected.
The monitoring report for the Application Guard policy I created does not show a reason why the status is "Not Applicable" (e.g. policy conflict? unsupported OS version? something else?).
I would like to find a log or other report showing the reason the device is not considered applicable so that I can address it. What is the best way to achieve this?