This policy setting prevents users from making changes to the Exploit protection settings area in the Windows Security settings. The recommended state for this setting is: Enabled. Rationale: Only authorized IT staff should be able to make changes to the exploit protection settings in order to ensure the organizations specific configuration is not modified. Impact: Local users cannot make changes in the Exploit protection settings area.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Enabled To access the Device Configuration Policy from the Intune Home page: Click Devices Click Configuration profiles Click Create profile Select the platform (Windows 10 and later) Select the profile (Custom) Click Create Enter a Name Click Next Configure the following Setting Name: <Enter name> Description: <Enter Description> OMA-URI: ./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride Data type: Integer Value: 1 Select OK Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.) Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy. Default Value: Disabled. (Local users are allowed to make changes in the Exploit protection settings area.)