Intune disables Tamper Protection by default

Occasional Reader

We noticed a strange quirk about Intune and have repeatedly tested it across multiple tenants with freshly reinstalled workstations running Windows 10.


Normally, Intune much like AD should not apply policies unless given a policy to apply. But we noticed that by default Intune will always apply a policy to DISABLE Tamper Protection by group policy when devices are enrolled unless you specifically make a configuration profile or otherwise to tell Intune to enable Tamper Protection on end devices.


This seems like a strange behavior, and is not documented anywhere in the Microsoft Learn website.


Also, if you run the Powershell command Get-MpComputerStatus you will see that TamperProtectionSource now gets listed as "Signatures" with no explanation. Again, there is no documentation about this type in Microsoft Learn or any other public KBs. The KBs only had information about other states such as UI, Transition, etc.


Is there a way to request Microsoft to provide documentation to fill in these important gaps in their knowledge base?

0 Replies