FrederickArendorff asked Crystal-MSFT answered

Endpoint Manager Policies are not removed or reset to default

Hi

I'm testing out Microsoft Defender for Endpoint, and have therefore created test policies for Antivirus (including exclusions for Processes, Files and Folders), Attack surface reduction, SmartScreen and so on, which I have assigned to an AD group my test computers are members of.

The policies apply and work fine, but when I unassign the policies from the AD group they are not removed or reset to defaults on the test computers.
The same goes for Antivirus exclusions. But additionally, if I keep the assignment to the group in place and delete or remove processes, files and folders, one by one or a couple at a time, from the policy, the very last process, file or folder is not removed on the test computers from ExclusionPath or ExclusionProcess.

Does anyone know or have an idea why this happens?

Regards
Frederick

Tags: mem-intune-general, mem-intune-device-configurations

Crystal-MSFT answered

@FrederickArendorff, I agree with RahulJindal. When we delete a profile, or remove a device from a group that's assigned the profile, for Windows devices some CSPs remove the setting and some CSPs keep the setting, which is also called tattooing. Here is a link for reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#what-happens-when-a-profile-is-deleted-or-no-longer-applicable

As far as I know, the Defender CSP will keep the setting. So if we want to change the value, we can reconfigure it in Intune. After the policy is applied, remove it again.

In our description, I notice we change the setting, but it seems it is not applied. As a quick method, we can create a new policy with the value we want to see if it can be applied.

Hope it can help.



RahulJindal-2267 answered

Once you remove the assignment for a setting, Intune will not manage the policy for that particular setting anymore. So nothing will be removed or reset. As for your other issue where the file exclusions are not getting removed, this can be due to many reasons. For a start, are the changes in the policy settings being synced to the devices?

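Added example, not part of any post in this thread: a PowerShell audit that compares the Defender exclusions actually present on a device with the exclusions the current policy is meant to contain, so tattooed leftovers in ExclusionPath or ExclusionProcess are listed explicitly. The function name `Compare-DefenderExclusion` and the values in `$Expected` are assumptions made up for illustration; `Get-MpPreference` is the built-in Defender cmdlet.

```powershell
#Requires -RunAsAdministrator
# Added example: report Defender exclusions that remain on the device but are
# no longer in the policy (tattooed), and policy entries that never arrived.
# Run elevated: exclusion lists may be hidden from non-administrators.

# Constructed sample values; replace with the entries your policy contains now.
$Expected = @{
    ExclusionPath    = @('C:\TestApp\Data')
    ExclusionProcess = @()   # policy no longer lists any process exclusions
}

function Compare-DefenderExclusion {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        # Injectable so a saved preference object can be checked offline
        [object] $Preference = (Get-MpPreference)
    )
    foreach ($name in $Expected.Keys) {
        # Unset exclusion lists come back as $null; normalise to an empty array
        $actual = @($Preference.$name | Where-Object { $_ })
        $want   = @($Expected[$name])

        foreach ($entry in $actual) {
            # -notcontains is case-insensitive, which suits Windows paths
            if ($want -notcontains $entry) {
                [pscustomobject]@{ Setting = $name; Value = $entry
                                   Status  = 'Stale: on device, not in policy' }
            }
        }
        foreach ($entry in $want) {
            if ($actual -notcontains $entry) {
                [pscustomobject]@{ Setting = $name; Value = $entry
                                   Status  = 'Missing: in policy, not on device' }
            }
        }
    }
}

$findings = @(Compare-DefenderExclusion -Expected $Expected)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'Device exclusions match the expected policy.'
}
```

A stale exclusion is a path or process Defender silently skips, so any "Stale" row after unassigning or trimming a policy is worth clearing before the device leaves the test group.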