Sep 09 2019 01:44 AM
Sep 09 2019 01:44 AM
I'm looking for a way to disable Multicast Name Resolution (LLMNR) using Intune. I've checked the MDM Security baseline and all Device configuration policies, but was unable to find the setting. I rather do not want to use Powershell to deploy registry setting, but I do not know another option.
Is there anyone who knows how to disable Multicast Name Resolution?
Thanks in advance
Sep 09 2019 02:11 PM
@Aad Lutgert Hi, As there are a GPO "Turn Off Multicast Name Resolution" you could use an ADMX backed policy and importing the admx file and then deploy it as a configuration Policy.
That is what I would have tried.
Sep 09 2019 11:25 PM
Thanks for your suggestion. I've thought about this option, but ingestion is not allowed for the key location used by this setting. The location used is:
software\policies\microsoft\windows NT\DNS client
And it's not possible to ingest policies for the following key locations:
And there isn't an exception for the key "windows nt" in the exception list.
Please let me know if this isn't correct.
Feb 22 2020 05:20 AMSolution
@Basher81 I haven't recieved an answer. The best way to do this is creating a powershell script to add the following registry setting:
You can deploy this by either packaging with the win32 prep tool (application) or deploy it as a powershell script.
Hope this will help you.
Aug 07 2020 05:00 AM
@Aad Lutgert :crossed_fingers: maby you can help us out. So i was able to create the reg key EnableMulticast, but when looking at the Gpedit.msc, i still see the Multicast setting ' not configured'.
Maby is the heat :grinning_face_with_sweat: or i'm missing something. Goal in the end, would be to disable LLMNR and Netbios using Intune.
Kind regards, Martijn
Feb 13 2021 03:42 AM
I'm seeing the same behaviour in the GPedit setting, but when I'm testing it using Kali Linux as described in this article LLMNR and NBT-NS Poisoning Using Responder | 4ARMED it does seem to work.
Feb 13 2021 04:13 AM
There is also a new policy setting available In the latest Windows 10 Insider Preview Build named:
Using this policy setting LLMNR can be disabled on client computers. more info can be found here: