It has been confirmed by an colleague of mine which is a MECM specialist that this behavior is being presented only when an upgrade Task Sequence is being copied, which most of us do to save time.
Solution is to create a brand new Task Sequence and insert the data from the steps of the original one.

BR

Hi,

it seems that my copying of the the previous upgrade TS is what caused the issue. I am waiting for the confirmation on this and will write as soon as I receive an update.

BR

Hi,

it is not about a 3 hour message thing. It is about laptops/windows 10 displaying that they already have 21H2 although this is not correct. They are running 20H2, this happens only on couple of clients. The upgrade once started WORKS without problems. IT is only about a display message in software center like in my screenshot.

BR

Check image language, version (if you have selected the correct index). Basically the 20H2 should be the SAME as 1909 to every last detail. More than this I cannot tell you.

Take a look at mine, mine is on hyper-v:

You dont need couple of steps, for example:
1. Set SMSTSPostAction
2. Pre-provision Bitlocker
3. Partion Disk 1 - this is just drive D, but you need only C in this case.
4. Add local admin

Let us know how it went.

Cheers

Sure

Actually found the fastest way, still not perfect:

Then on the client which need the defender deactivate run the powershell command:

Then disable all the "knobs", especially tamper protection.

BR

Hi,

I dont think that you understood what I meant. I meant temporary putting the defender on hold when you have your options disabled from the admin:

I have to also mention that our users ARE local admins on their machines.

BR

Hi,

think AndyDavid answered and I am satisfied with his answer. Thank you to you as well, I learned something new.

Cheers

Hi Andy,

yea the "All Users" Address list in outlook is also a good idea...maybe this would ease the pain.

Thanks for your comment.

Yes, veryyy simple solution. Multiply this with how many workers does a company have and you get what exactly? Nothing, how are we supposed to do this for 500 workers?

I did not try but I made a copy of the policy, just waiting for a partner company to tell us if this is a bug. Will write here how it goes.

Cheers

Hi Andy,

since you want to help, do you mind answering the following question. Does the EOP also monitor inside mail traffic? If not what would we have to buy in order to have this part covered as well? because we had an internal phishing attack and our TrendMicro Antivirus missed it as well. Explanation from TM is that their AV does not cover e-mails.
Only thing which was not enabled, as far as i know was this safe links policy, but not the whole policy but the setting to "Apply Safe Links to email messages sent within the organization" - this was off at the time.

Thank you

Thank You Andy,

you have helped me very much. MFA E-Mail is going out tomorrow to the colleagues and they have to implement it within one week.
I will take a look at the link provided, there is much to read which is good-that means many options to set up.

Cheers,

Hi,

i just found out what was the issue. My apologizes, the thing works but only if I send the link in the e-mail! I was thinking that tenant block/allow was to block the WHOLE URL in the browser without clicking in any e-mail. To further explain, I thought that the block URL option would really forbid all users to access for example facebook.com but this is not possible as far as MS support told me couple of minutes ago.

In order to block the webpage I have use our antivirus software.

Important question: if we have an phising scam that comes from our internal colleague, how do we proceed then? How do we block the link internally in Defender?

Cheers