Information
This policy setting prevents users from making changes to the Exploit protection settings area in the Windows Security settings.
The recommended state for this setting is: Enabled.
Rationale:
Only authorized IT staff should be able to make changes to the exploit protection settings in order to ensure the organizations specific configuration is not modified.
Impact:
Local users cannot make changes in the Exploit protection settings area.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Enabled
To access the Device Configuration Policy from the Intune Home page:
Click Devices
Click Configuration profiles
Click Create profile
Select the platform (Windows 10 and later)
Select the profile (Custom)
Click Create
Enter a Name
Click Next
Configure the following Setting
Name: <Enter name>
Description: <Enter Description>
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
Data type: Integer
Value: 1
Select OK
Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.)
Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy.
Default Value:
Disabled. (Local users are allowed to make changes in the Exploit protection settings area.)