question

SanjayBhakuniHSDDSH-7922 avatar image
0 Votes"
SanjayBhakuniHSDDSH-7922 asked iwebb edited

Intune Tamper protection

I am trying to turn on tamper protection for our organization in an attempt to stop end users from installing 3rd party anti-virus software which causes issues with compliance reporting in Intune. I have attempted to turn on this feature in Intune Endpoint Protection (Security Configuration Profile) under Endpoint Protection> Microsoft Defender Security Center> Tamper Protection> Enabled. After looking at the reporting on the configuration profile "Pre-setting status" I see that it has been applied successfully to all devices but when looking at the physical machine, the feature is not enabled (Screenshot). When attempting to change the registry value (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features)> Tamper Protection, I am presented with an error message (cannot edit TamperProtection: Error writing the value's new contents) shown (Screenshot). I have attempted to elevate my permission on the specific key to grant my self access to edit but am unable to make the change after elevating my permissions. When running the command in powershell to check the status, I see that is not enabled. Please let me know if you need additional information to troubleshoot this issue?

mem-intune-enrollment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

iwebb avatar image
0 Votes"
iwebb answered iwebb edited

Check to see if the settings is disabled in the tenant. Access https://security.microsoft.com then go to 'Settings', 'Endpoints' then 'Advanced Features'.

Scroll down and check for Tamper protection. I did this for a customer and found it was turned off. Which meant that the tenant settings will 'win' over the Intune settings. Now I just need to find out 'why' they turned it off.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide#turn-tamper-protection-on-or-off-in-the-microsoft-365-defender-portal

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered

@SanjayBhakuniHSDDSH-7922 Thanks for posting in our Q&A.

For this issue, I have done the test in my lab. It shows the same result as yours. With Q&A limitation resource, Q&A is not the best channel for this case. It is better to create an online support ticket to double confirm if it is a known issue or if there is any method to fix it. It is free. Here is the online support link and hope it helpful.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/get-support

Thanks for understanding.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NickHogarth-MVP avatar image
0 Votes"
NickHogarth-MVP answered

I can't see the screenshots, but it may be worth logging a support ticket with Intune or using Twitter and tagging @IntuneSuppTeam

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.