disable Multicast Name Resolution (LLMNR) with Intune

Brass Contributor

I'm looking for a way to disable Multicast Name Resolution (LLMNR) using Intune. I've checked the MDM Security baseline and all Device configuration policies, but was unable to find the setting. I rather do not want to use Powershell to deploy registry setting, but I do not know another option. 


Is there anyone who knows how to disable Multicast Name Resolution? 


Thanks in advance



8 Replies

@Aad Lutgert Hi, As there are a GPO "Turn Off Multicast Name Resolution" you could use an ADMX backed policy and importing the admx file and then deploy it as a configuration Policy.

That is what I would have tried.


@Jörgen Nilsson 


Thanks for your suggestion. I've thought about this option, but ingestion is not allowed for the key location used by this setting. The location used is:


software\policies\microsoft\windows NT\DNS client


And it's not possible to ingest policies for the following key locations:






And there isn't an exception for the key "windows nt" in the exception list. 


Please let me know if this isn't correct.


@Aad Lutgert DId you ever figure this out? I am running into the same thing now 

best response confirmed by Aad Lutgert (Brass Contributor)

@Basher81 I haven't recieved an answer. The best way to do this is creating a powershell script to add the following registry setting:


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]


You can deploy this by either packaging with the win32 prep tool (application) or deploy it as a powershell script. 


Hope this will help you.

@Aad Lutgert :crossed_fingers: maby you can help us out. So i was able to create the reg key EnableMulticast, but when looking at the Gpedit.msc, i still see the Multicast setting ' not configured'. multicast.PNG
Maby is the heat :grinning_face_with_sweat: or i'm missing something. Goal in the end, would be to disable LLMNR and Netbios using Intune.

Kind regards, Martijn

@Martijn Steffens 


Hi Martijn,


I'm seeing the same behaviour in the GPedit setting, but when I'm testing it using Kali Linux as described in this article LLMNR and NBT-NS Poisoning Using Responder | 4ARMED it does seem to work. 


best regards,


Aad Lutgert

There is also a new policy setting available In the latest Windows 10 Insider Preview Build named:




Using this policy setting LLMNR can be disabled on client computers. more info can be found here: