Hello,
I found an issue where merged policies do not apply to endpoints managed by MS Intune. I use the new App Control for Business (Preview) feature to push .xml rules.
This is what I see in the Windows Event Log in DeviceManagement-Enterprise-Diagnostics-Provider > Admin:
"MDM ConfigurationManager: Command failure status. Configuration Source ID: (DA52A31C-6E2F-4ADF-921E-284C917F8080), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (ApplicationControl), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/ApplicationControl/Policies/784c4414-79f4-4c32-a6a5-f0fb42a51d0d/Policy), Result: (Your organization used Device Guard to block this app. Contact your support person for more info.)."
Everything seems fine once I process the merged .xml rule file again with no changes (use Edit policy, make no changes, and create a new version).
Steps to reproduce:
Merge 2 .xml policies
Create or edit existing App Control for Business config profile and ingest the new .xml
Look into Event log Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin and search for "ApplicationControl" keyword.
Confirmed we have this issue also, except we are not using the new preview feature in Intune to apply policies but still using OMA-URI. Merged policies just don't apply properly and allow everything to run. The baseline works, but as soon as you merge the policy with some additional requirements the policy doesn't work. We are having to manually merge policies currently. Not sure if related to the other defect mentioned where the merged policy has extra numbers added to the end.
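One way to spot this failure on an endpoint, added here as an example and not posted by anyone in the thread: the PowerShell below reads the log named in the issue, extracts the policy GUID and result from each ApplicationControl command failure, and summarizes them per policy. The function name `ConvertFrom-AppControlFailure` is hypothetical, the regex assumes the message format quoted above, and the embedded sample reuses that quoted message with a constructed timestamp.

```powershell
# Added example: summarize ApplicationControl CSP apply failures per policy ID.
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# Regex assumes the message format quoted in the issue above.
$Pattern = '(?s)Provider Name: \(ApplicationControl\), Command Type: \((?<Command>[^)]*)\), ' +
           'CSP URI: \(\./Vendor/MSFT/ApplicationControl/Policies/' +
           '(?<PolicyId>[0-9a-fA-F-]{36})/(?<Node>[^)]*)\), Result: \((?<Result>.*)\)\.?\s*$'

function ConvertFrom-AppControlFailure {
    # Hypothetical helper: turns one event into a structured record, or emits nothing.
    param(
        [Parameter(ValueFromPipelineByPropertyName)][string]$Message,
        [Parameter(ValueFromPipelineByPropertyName)][datetime]$TimeCreated
    )
    process {
        if ($Message -like '*Command failure status*' -and $Message -match $Pattern) {
            [pscustomobject]@{
                TimeCreated = $TimeCreated
                PolicyId    = $Matches.PolicyId
                Node        = $Matches.Node
                Command     = $Matches.Command
                Result      = $Matches.Result
            }
        }
    }
}

# Sample: message text copied from the issue, timestamp constructed for the example.
$sample = [pscustomobject]@{
    TimeCreated = Get-Date
    Message     = 'MDM ConfigurationManager: Command failure status. Configuration Source ID: (DA52A31C-6E2F-4ADF-921E-284C917F8080), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (ApplicationControl), Command Type: (SetValue: from Replace), CSP URI: (./Vendor/MSFT/ApplicationControl/Policies/784c4414-79f4-4c32-a6a5-f0fb42a51d0d/Policy), Result: (Your organization used Device Guard to block this app. Contact your support person for more info.).'
}

# Read the live log; fall back to the sample when it is missing or empty (e.g. off-device).
$events = try {
    Get-WinEvent -LogName $LogName -ErrorAction Stop
} catch {
    Write-Warning "Could not read '$LogName'; parsing the embedded sample instead."
    $sample
}

# One row per policy GUID: how often the apply failed and when it last failed.
$events | ConvertFrom-AppControlFailure | Group-Object PolicyId | ForEach-Object {
    [pscustomobject]@{
        PolicyId = $_.Name
        Failures = $_.Count
        LastSeen = ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum
        Result   = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).Result
    }
}
```

A policy GUID that shows up here after a merge was pushed has not been applied, so the endpoint is not enforcing the merged rules.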