Configuration Profile for Endpoint Protection forcing Restart
After applying an "Endpoint Protection" configuration profile to an Intune device, it shows the message "You're about to be signed out, Windows will shut down in 10 minutes".
Expected behaviour: The user should be able to postpone the restart for at least 4 hours.
It is also happening with Credential Guard, not only Application Control. Think everything that needs the Hyper-V role installed; agree that users should be able to postpone this for about one working day (8 hours).
This is kind of a big deal. The issue is that Windows Defender Application Control enforces a reboot in 10 minutes if it is configured using the Intune GUI options.
The work-around is to not configure it using the nice easy switches in Intune, but to create a custom XML policy, sign it, upload it, and use an Intune custom CSP to apply it. Custom XML policies can be "rebootless" according to https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune
Not only is that a bunch more hassle, but I also can't see an easy way to use Intelligent Security Graph with custom XML.
In the Intune GUI controls it's a simple slider.
WDAC and ISG are really important security controls in a world where major ransomware attacks are happening daily. Having options to easily set them up is important, and having those options *break Autopilot* when you use them isn't acceptable.
If a custom XML policy applied by CSP can be configured to apply "rebootlessly", the Microsoft-managed policies applied by Intune should also be rebootless, or at least have a switch to allow us to pick rebootless application.
This has been broken for two years now. It needs to be fixed.
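The custom-XML work-around described in the comment above, written out as an added example (this is not code from the thread or from Microsoft). It builds a WDAC policy from the Windows-supplied DefaultWindows_Enforced template, turns on the Intelligent Security Graph option (rule option 14) and the "Update Policy No Reboot" option (rule option 16), converts it to the multiple-policy-format binary that the ApplicationControl CSP consumes, and shows where to sign and upload it. The ConfigCI cmdlets, rule option numbers and the OMA-URI shape are from the public WDAC documentation; the file paths, the policy name and the signing certificate name are assumptions for the example.

```powershell
# Added example, not from the original post. Run elevated on Windows 10 1903+ / Windows 11,
# which ships the ConfigCI module and the ExamplePolicies templates used below.
# Paths, policy name and certificate subject are assumed values for this example.

$PolicyXml  = "C:\WDAC\RebootlessPolicy.xml"       # assumed working path
$PolicyBin  = "C:\WDAC\RebootlessPolicy.bin"       # assumed output path
$SignerCer  = "C:\WDAC\PolicySigner.cer"           # assumed: public cert of the policy-signing key
$Template   = "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml"

New-Item -ItemType Directory -Path (Split-Path $PolicyXml) -Force | Out-Null

# 1. Start from Microsoft's DefaultWindows template (Windows, its updates and WHQL drivers allowed).
Copy-Item -Path $Template -Destination $PolicyXml -Force

# 2. Rule options.  Numbers are the documented Set-RuleOption option IDs.
Set-RuleOption -FilePath $PolicyXml -Option 3  -Delete   # Enabled:Audit Mode   -> remove, we want enforcement
Set-RuleOption -FilePath $PolicyXml -Option 6  -Delete   # Enabled:Unsigned System Integrity Policy -> remove, policy will be signed
Set-RuleOption -FilePath $PolicyXml -Option 14           # Enabled:Intelligent Security Graph Authorization (the Intune "slider")
Set-RuleOption -FilePath $PolicyXml -Option 16           # Enabled:Update Policy No Reboot

# 3. Allow the signing certificate to publish updates (and supplemental policies) to this policy.
#    Without -Update, a signed policy cannot later be replaced by a policy signed with the same key.
Add-SignerRule -FilePath $PolicyXml -CertificatePath $SignerCer -Kernel -User -Update

# 4. Give the policy its own ID in multiple-policy format; the GUID is what the CSP OMA-URI uses.
Set-CIPolicyIdInfo -FilePath $PolicyXml -ResetPolicyID -PolicyName "Contoso WDAC rebootless (example)" | Out-Null
$PolicyId = ([xml](Get-Content -Path $PolicyXml -Raw)).SiPolicy.PolicyID   # e.g. {GUID}
$PolicyGuid = $PolicyId.Trim('{', '}')

# 5. Compile the XML to the binary format the device actually enforces.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin | Out-Null

# 6. Sign the binary.  Assumes signtool.exe (Windows SDK) is on PATH and the code-signing
#    certificate whose public half is $SignerCer is in the user's certificate store.
#    The EKU 1.3.6.1.4.1.311.79.1 is the documented WDAC policy-signing EKU; output is $PolicyBin + ".p7".
& signtool.exe sign -v /n "Contoso WDAC Policy Signing" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $PolicyBin
$SignedPolicy = "$PolicyBin.p7"

# 7. Intune upload: custom (OMA-URI) profile, data type "Base64 (file)", upload $SignedPolicy.
#    OMA-URI for the ApplicationControl CSP is, per its documentation:
#      ./Vendor/MSFT/ApplicationControl/Policies/<PolicyGUID>/Policy
Write-Host "OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/$PolicyGuid/Policy"
Write-Host "File to upload: $SignedPolicy"

# 8. Check on a target device after the policy has synced (no reboot expected):
#    0 = off, 1 = audit, 2 = enforced.
Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard |
    Select-Object CodeIntegrityPolicyEnforcementStatus, UsermodeCodeIntegrityPolicyEnforcementStatus
# The CodeIntegrity operational log records the policy refresh; event 3099 is the "policy refreshed" entry.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 20 |
    Where-Object Id -eq 3099 | Select-Object TimeCreated, Message
```

Two caveats worth checking before relying on this. Option 16 governs later policy updates; the initial rebootless activation comes from delivering the policy through the ApplicationControl CSP (Windows 10 1903 and later), not through the older AppLocker CSP CodeIntegrity node, which still requires a reboot. And ISG only works once the AppIdTel service is running; when the policy arrives via MDM that is started for you, but if you push the same binary by script, run `appidtel.exe start` on the device.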
Need to be able to manage the 'when' plus allow users to defer (up to a point).
Austin WongCarter commented
This needs to be manageable just like all of the other restart policies, we should be able to delay or even suppress the restarts.
Postpone the restart up to 24 hours!
Please fix, ty.
We need this fixed! Looks like the WDAC policy is causing this.
I agree, we should be able to postpone this to at least 4 hours or allow users to defer.