Commit

Merge branch 'public' into patch-5
denisebmsft authored Oct 8, 2024
2 parents 2227948 + 10f8167 commit 93b4312
Showing 2 changed files with 6 additions and 5 deletions.
7 changes: 4 additions & 3 deletions defender-endpoint/manage-tamper-protection-intune.md
Expand Up @@ -5,7 +5,7 @@ manager: deniseb
description: Turn tamper protection on or off for your organization in Microsoft Intune.
ms.service: defender-endpoint
ms.localizationpriority: medium
ms.date: 08/15/2024
ms.date: 10/08/2024
audience: ITPro
ms.topic: how-to
author: denisebmsft
Expand Down Expand Up @@ -55,7 +55,7 @@ Tamper protection helps protect certain [security settings](prevent-changes-to-s
| Requirement | Details |
|---|---|
| Roles and permissions | You must have appropriate permissions assigned through roles, such as Security Administrator. See [Microsoft Entra roles with Intune access](/mem/intune/fundamentals/role-based-access-control#azure-active-directory-roles-with-intune-access). |
| Device management | Your organization uses [Intune to manage devices](/mem/intune/fundamentals/manage-devices). |
| Device management | Your organization uses Configuration Manager or [Intune to manage devices](/mem/intune/fundamentals/manage-devices). Co-Managed devices are not supported for this feature|
| Intune licenses | Intune licenses are required. See [Microsoft Intune licensing](/mem/intune/fundamentals/licenses). |
| Operating System | Windows devices must be running Windows 10 [version 1709 or later](/lifecycle/announcements/revised-end-of-service-windows-10-1709) or Windows 11. (For more information about releases, see [Windows release information](/windows/release-health/release-information).) <br/><br/>For Mac, see [Protect macOS security settings with tamper protection](tamperprotection-macos.md). |
| Security intelligence | You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version `1.287.60.0` (or later). |
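Review bot: In the new Device management row, "this feature" is ambiguous. In a prerequisites table for tamper protection it reads as if tamper protection as a whole is unsupported on co-managed devices, while the other changes in this commit scope the limitation to tamper protection of antivirus exclusions. State the scope in the cell, for example "Co-managed devices aren't supported for tamper protection of exclusions." The cell also ends without a period or a space before the closing `|`, and "Co-Managed" / "are not" differ from the "co-managed" spelling and contraction style ("isn't", "aren't") used in the registry table of the same file. With Configuration Manager now listed as an alternative, check that the next row's unconditional "Intune licenses are required" still holds for devices managed by Configuration Manager only.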
Expand Down Expand Up @@ -117,9 +117,10 @@ You can use a registry key to determine whether the functionality to protect Mic
|---|---|---|
| `6` | (any value) |The device is managed by Intune only. <br/>(*Meets a requirement for exclusions to be tamper protected.*) |
| `7` | `4` | The device is managed by Configuration Manager. <br/>(*Meets a requirement for exclusions to be tamper protected.*) |
| `7` | `3` | The device is co-managed by Configuration Manager and Intune. <br/>(*This is not supported for exclusions to be tamper protected.*) |
| A value other than `6` or `7` | (any value) | The device isn't managed by Intune only or Configuration Manager only. <br/>(*Exclusions aren't tamper protected*.) |

3. To confirm that tamper protection is deployed and that exclusions are tamper protected, check the `TPExclusions` registry key (located at `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features` or `HKLM\SOFTWARE\Microsoft\Windows Defender\Features`).
4. To confirm that tamper protection is deployed and that exclusions are tamper protected, check the `TPExclusions` registry key (located at `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features` or `HKLM\SOFTWARE\Microsoft\Windows Defender\Features`).

| `TPExclusions` | What the value means |
|---|---|
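Review bot: The note on the added `7` / `3` row, "(*This is not supported for exclusions to be tamper protected.*)", does not state the outcome the way its sibling rows do ("Meets a requirement..." or "Exclusions aren't tamper protected"). Suggest "(*Exclusions aren't tamper protected.*)" so a reader checking the registry gets a direct answer. The table still has no row for `7` paired with a value other than `3` or `4`, since the catch-all only covers "A value other than `6` or `7`"; consider widening that last row. The step line also changes from "3." to "4." with no new step visible in this hunk, so confirm the list numbering above it is still sequential.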
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ manager: deniseb
description: Use tamper protection to prevent malicious apps from changing important security settings.
ms.service: defender-endpoint
ms.localizationpriority: medium
ms.date: 05/17/2024
ms.date: 10/08/2024
audience: ITPro
ms.topic: conceptual
author: denisebmsft
Expand Down Expand Up @@ -55,7 +55,7 @@ When tamper protection is turned on, these tamper-protected settings can't be ch
- Automatic actions are taken on detected threats.
- Notifications are visible in the Windows Security app on Windows devices.
- Archived files are scanned.
- [Exclusions cannot be modified or added ](manage-tamper-protection-intune.md#tamper-protection-for-antivirus-exclusions) (Applies to Intune or Configuration Manager)
- [Exclusions cannot be modified or added ](manage-tamper-protection-intune.md#tamper-protection-for-antivirus-exclusions) (Applies to devices managed by Intune only or by Configuration Manager only. Co-Managed devices are not supported)

*As of signature release `1.383.1159.0`, due to confusion around the default value for "Allow Scanning Network Files", tamper protection no longer locks this setting to its default value. In managed environments, the default value is `enabled`.*
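Review bot: The rewritten exclusions bullet keeps the stray space inside the link text ("added ]") and adds a parenthetical that ends without a period and uses "Co-Managed" and "are not", while the surrounding text uses contractions ("can't be changed") and the companion file's registry table writes "co-managed". Suggest "[Exclusions can't be modified or added](...) (Applies to devices managed by Intune only or by Configuration Manager only. Co-managed devices aren't supported.)" so both files describe the limitation with the same wording.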
