Turn on Memory Integrity via Intune
Hi, I want to turn on Memory Integrity via Intune. I used the following script to turn on Memory Integrity, but it didn't. Also, there are no errors or failure statuses on the Intune Scripts Status page. Could someone please suggest This is the script I used: # Registry key path $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" # Desired value for Memory Integrity (1 for enabled with UEFI lock) $desiredValue = 1 # Initialize exit code $exitCode = 0 # 0 indicates success by convention try { # Check if the key exists if (Test-Path -Path $registryPath) { $currentValue = Get-ItemProperty -Path $registryPath | Select-Object -ExpandProperty "Enabled" # Check if the value is already set to the desired value if ($currentValue -eq $desiredValue) { Write-Host "Memory Integrity is already enabled with UEFI lock. No changes made." } else { # If the key exists but the value is not as desired, set it to the desired value Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } else { # If the key does not exist, create it and set it to the desired value New-Item -Path $registryPath -Force Set-ItemProperty -Path $registryPath -Name "Enabled" -Value $desiredValue Write-Host "Memory Integrity enabled with UEFI lock successfully." } } catch { Write-Host "An error occurred: $_" $exitCode = 1 # 1 indicates failure } # Exit with the specified exit code exit $exitCode Output of the regedit: Enabled : 1 PSPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity PSParentPath : Microsoft.PowerShell.Core\Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios PSChildName : HypervisorEnforcedCodeIntegrity PSProvider : Microsoft.PowerShell.Core\Registry
