Bluewall 
Weird Intune/MDE issue 🧵
ASR policy (Block PSExec/WMI) shows 38 Succeeded in Intune, but Get-MpPreference returns empty on endpoints and registry key doesn't exist.
AttackSurfaceReductionRules_ProviderSet = 1 in PolicyManager but no actual rule values written anywhere.
Cloud-only, no SCCM. Anyone seen this? #MicrosoftDefender #Intune #MDE
ASR policy (Block PSExec/WMI) shows 38 Succeeded in Intune, but Get-MpPreference returns empty on endpoints and registry key doesn't exist.
AttackSurfaceReductionRules_ProviderSet = 1 in PolicyManager but no actual rule values written anywhere.
Cloud-only, no SCCM. Anyone seen this? #MicrosoftDefender #Intune #MDE