Forum Discussion
Could Intune be the cause of unwanted restarts?
I have an Intune environment that I am currently working on pushing out an endpoint protection profile. There was an older endpoint protection profile that only pushed app control as "audit-only". This profile had finished updating all machines. I deleted this profile from the environment, upon which a large number of users started to get a restart notice. They were unable to defer this restart and their machines were going to restart in the next 10 minutes. I'm trying to find out if removing a profile would cause this. The only thing I could find was that pushing a change to app control would cause a restart of the machine, but only if a change was occurring. There was no change pushed during today's work.
Link to the above-mentioned document here: https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-application-control
Another oddity to note here is not every machine was affected. I'm still gathering the exact numbers but it appears to be a large number of the Intune joined machines.
Application control settings usually need reboot to take effect, whether audit or enforce mode. I hear you that you just upgraded the profile, but I expect that change was the reason for reboot.
Moe
Application control settings usually need reboot to take effect, whether audit or enforce mode. I hear you that you just upgraded the profile, but I expect that change was the reason for reboot.
Moe
I saw that in the documentation as well. What confuses me is that there was no change. The profile had already been applied to devices and was active. The documentation also states that the policy for app control will not be changed unless switching from audit-only to enforced or vice versa. Neither of these happened, this was only a removal of the profile. To also confirm, yes, devices are still auditing apps as they were doing prior so this has not changed functionality either, which is to be expected.
