Unable to disable Credential Guard using Intune


Hi There.

We need to disable Credential Guard for our devices, but when we configure this to be disabled using Intune, it stays enabled.

All devices are Intune managed, no local AD and thus also no group policies. All devices have been factory reset. Devices are a mix of Windows 10/11 22H2. I know W11 22H2 enables this by default, but we should be able to disable it.

We used below Settings Catalog profile setting to disable:

[Screenshot: Credential Guard1.png]

We also tried the Endpoint Security > Account protection route, but that didn't work either. Now we have both settings set to disable.

We also tried removing Credential Guard EFI variables in case they might be present using the instructions found here: https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-g...

After a while it seems Credential Guard is enabled again and this puzzles me as I have no clue why this is happening. To my knowledge I have done everything possible to disable Credential Guard but it still gets enabled...

2 questions:

- Does anyone have another great idea as to why Credential Guard gets enabled? Might there be a different place where we can enable/disable Credential Guard that I am missing?

- Is there a way to check if Credential Guard has been enabled before WITH UEFI lock using a command or other way?

2 Replies

@Summa040 try to disable it using the security baseline from the endpoint security section

[Screenshot: eliekarkafy_0-1689263999579.png]

Have you looked at the MDM diagnostic log for clues?