Tamper Protection - remediation failed

%3CLINGO-SUB%20id%3D%22lingo-sub-1029095%22%20slang%3D%22en-US%22%3ETamper%20Protection%20-%20remediation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1029095%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3Ewe're%20trying%20to%20enable%20%22tamper%20protection%22%20on%20our%20mdatp%20protected%20devices%20via%20Intune%2C%20utilizing%20already%20existing%20Endpoint%20Protection%20profile.%20Unfortunately%20we're%20always%20receiving%20an%20error%20%22remediation%20failed%22%20from%20the%20related%20Intune%20profile.%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20aware%20of%20this%20issue%3F%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3EThomas%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1036435%22%20slang%3D%22en-US%22%3ERe%3A%20Tamper%20Protection%20-%20remediation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1036435%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239335%22%20target%3D%22_blank%22%3E%40Thomas%20H%C3%B6hner%3C%2FA%3EYou're%20not%20alone%20-%20I'm%20seeing%20the%20same%20thing%20in%20my%20tenant.%26nbsp%3B%20They're%20all%20showing%20%22Remediation%20failed%22%20in%20the%20intune%20console%20for%20my%20endpoint%20protection%20configuration.%20I've%20confirmed%20intune%20is%20linked%20to%20ATP%20security%20center%2C%20windows%20edition%20upgraded%20to%20enterprise%2C%20M365%20E5%20license%20assigned%20w%20windows%20reporting%20%22digital%20license%2Fsubscription%20active%22%2C%20Defender%20ATP%20reporting%20normally....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1060656%22%20slang%3D%22en-US%22%3ERe%3A%20Tamper%20Protection%20-%20remediation%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1060656%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F470823%22%20target%3D%22_blank%22%3E%40PaulMadden%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20provided%20a%20hotfix%20for%20this%20issue%20end%20of%20last%20week%20-%20tested%20a%20couple%20of%20times%20-%20now%20it%20works%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ejust%20remember%20in%20case%20of%20new%20device%20provisioning%20that%20it%20can%20take%20some%20time%20until%20successfully%20applied%2C%20as%20the%20defender%20engine%20(security%20intelligence%20version)%20must%20have%20a%20min%20release%20version%20in%20order%20to%20contribute%20to%20this%20setting%20(%20%26gt%3B%3D%26nbsp%3B%3CSPAN%3E1.287.60.0%20)%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi all,

we're trying to enable "tamper protection" on our mdatp protected devices via Intune, utilizing already existing Endpoint Protection profile. Unfortunately we're always receiving an error "remediation failed" from the related Intune profile. 

Anyone aware of this issue?

Thank you

Thomas

2 Replies
Highlighted

@Thomas HöhnerYou're not alone - I'm seeing the same thing in my tenant.  They're all showing "Remediation failed" in the intune console for my endpoint protection configuration. I've confirmed intune is linked to ATP security center, windows edition upgraded to enterprise, M365 E5 license assigned w windows reporting "digital license/subscription active", Defender ATP reporting normally....

Highlighted

@PaulMadden 

Microsoft provided a hotfix for this issue end of last week - tested a couple of times - now it works

 

just remember in case of new device provisioning that it can take some time until successfully applied, as the defender engine (security intelligence version) must have a min release version in order to contribute to this setting ( >= 1.287.60.0 )