SOLVED

Tamper Protection deployment to Windows Server through Intune not working


I'm encountering this error when I try to push Tamper Protection to some Windows Server 2019/2022 machines through Intune:

[Screenshot 2023-11-25 at 17.45.02.png]

I note from the table here that this feature isn't yet fully supported; however, this guide suggests it is possible.

Can somebody please clarify what the correct state of play is, and how soon customers can expect deployment from Intune to start working?

Thanks.

5 Replies

Hi @Tempest62,

Microsoft Intune allows organizations to manage Tamper Protection, even extending its reach to Windows Server deployments. To implement Tamper Protection on Windows Server through Intune, follow these steps:

  1. Navigate to the Intune admin center, proceed to Endpoint security > Antivirus, and click on + Create Policy.
  2. Select Windows 10, Windows 11, and Windows Server in the Platform list.
  3. Choose Windows Security experience in the Profile list.
  4. Create a profile with the setting: TamperProtection (Device): On.
  5. Configure additional options for your policy.
  6. Deploy the policy to your devices.

However, encountering deployment issues on Windows Server 2019/2022 may result from various factors. Notably, Configuration Manager version 2006, with tenant attach, extends Tamper Protection to Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.

For the latest information on deployment challenges and resolutions, it is recommended to refer to official Microsoft documentation or contact Microsoft support.

Manage tamper protection for your organization using Microsoft Intune | Microsoft Learn

Frequently asked questions (FAQs) about tamper protection | Microsoft Learn

Windows Defender tamper protection management in Microsoft Intune - Microsoft Community Hub

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it a Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

Thanks for your reply, Leon. The steps you've laid out (1–6) are what I have done and what then results in the error shown in my initial post.

I do not use Config Manager, have not configured Tenant Attach, so the problem is unique to Windows Security Experience and something Microsoft need to solve.

Can someone from Microsoft advise on this?

best response confirmed by Tempest62 (Copper Contributor)
Solution

I experienced similar behaviour when enrolling the servers in Intune through the security settings management feature. I ended up enabling Tamper Protection at the tenant level in Defender.

Thanks for your reply and the reminder about enabling TP at tenant level. I had done this some time ago and now realise what I'd been looking at on my test machines was the wrong configuration. A Kusto query for TP across all inventory confirms I have the correct settings in place.
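
Added example (not part of any post in this thread and not Microsoft's code): a per-server check of the tamper protection state discussed above, read with the `Get-MpComputerStatus` cmdlet. It assumes PowerShell remoting is enabled to the servers; the function name and the server names are hypothetical placeholders.

```powershell
# Added example: report the tamper protection state of each server.
# Get-TamperProtectionState is a hypothetical helper name, not a built-in cmdlet.
function Get-TamperProtectionState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($name in $ComputerName) {
        try {
            # Get-MpComputerStatus is part of the Defender PowerShell module on the server.
            $status = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
                Get-MpComputerStatus |
                    Select-Object IsTamperProtected, TamperProtectionSource, AMRunningMode
            }
            [pscustomobject]@{
                ComputerName      = $name
                IsTamperProtected = $status.IsTamperProtected
                # Names what is currently managing the setting on this machine.
                Source            = $status.TamperProtectionSource
                RunningMode       = $status.AMRunningMode
                Error             = $null
            }
        }
        catch {
            # Unreachable server or missing Defender module: record it instead of stopping.
            [pscustomobject]@{
                ComputerName      = $name
                IsTamperProtected = $null
                Source            = $null
                RunningMode       = $null
                Error             = $_.Exception.Message
            }
        }
    }
}

# Placeholder server names; replace with your own inventory.
$servers = 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02'
Get-TamperProtectionState -ComputerName $servers |
    Sort-Object IsTamperProtected |
    Format-Table -AutoSize
```

Servers where `IsTamperProtected` is not `True`, or where `Error` is populated, are the ones to investigate first.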