The ASR Rule "Block persistence through WMI event subscription" can not be configured via Intune.
Not via the "Devices | Configuration profiles" nor via "Endpoint security | Attack surface reduction"
However, this is advertised in Windows Defender ATP, Microsoft Secure Score, and docs.microsoft.com41 votes
Because of Intune insidiously adding extra settings in our other configuration profiles,
some of our Windows computers appear to not perform catch-up scans on wake/restart, despite us cleaning up the rogue settings back to Not configured.
Thinking about it though, shouldn't those options afford Enabled instead of Block? Actually there are many more settings scattered all over that I don't understand why the only option is to block. Surely organisations would want more flexible options for their policies.2 votes
If you have previously configured Bitlocker (or any other sec. feature) under Devices Configuration Profiles, the existing settings will not flow down to the new Endpoint Security node. In that case we might end up in conflict, where new admin creates new Bitlocker policy, not looking under Configuration Profiles.1 vote
Not possible to configure firewall rules for ICMP based on the type of ICMP traffic1 vote
Add the possibility to sort firewall rules by network type and direction and apply order of processing. Option to export MDM firewall rules is missing.1 vote
- Don't see your idea?