Forum Discussion
Manik1
Mar 05, 2025 · Copper Contributor
Unable to enable tamper protection using MDM
I’m working on implementing Tamper Protection for Windows devices using a custom MDM solution with the Defender CSP, but I’ve run into some issues and could use your help.
A couple of questions:
- What specific data needs to be sent with the Defender CSP to enable or disable Tamper Protection? I’ve tried using the Defender, but I’m not sure about the correct value to set.
- Are there any permissions or enforcement scope settings that need to be adjusted for a custom MDM to manage Tamper Protection?
- I tested Intune on some devices, and Tamper Protection couldn’t be enabled there either. Could there be a specific hierarchy or prerequisite settings in the Microsoft Defender for Endpoint portal that I’m missing?
If anyone has experience with this or has any insights, I’d really appreciate the help. Thanks in advance!
- luchete (Steel Contributor)
Hello Manik1,
It sounds like you’re on the right track with the Defender CSP, but Tamper Protection requires the device to be onboarded to Defender for Endpoint first. The correct value to enable it via CSP should be <enabled/>, but ensure your MDM has the right permissions to modify security settings. Also, check if the device is enrolled in Microsoft Defender Security Center and that no conflicting policies from Intune or Group Policy are blocking the change. If Intune couldn’t enable it either, there might be a missing prerequisite in Defender for Endpoint. Hope this helps!
Regards!
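
A read-only way to check, on the device itself, the prerequisites the reply above lists (onboarding, Defender state, a conflicting Group Policy value). This is an added example, not part of the original thread; it assumes an elevated PowerShell session on a Windows 10/11 device where Defender Antivirus is installed, and it changes nothing.

```powershell
# Added example: read-only checks for the prerequisites named in the reply.
# Assumption: run elevated on the managed Windows device.

# 1. Is the device onboarded to Defender for Endpoint?
#    OnboardingState = 1 under this key means the device is onboarded.
$statusKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboarding = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState

# The Defender for Endpoint sensor runs as the "Sense" service.
$sense       = Get-Service -Name Sense -ErrorAction SilentlyContinue
$senseStatus = if ($sense) { $sense.Status } else { 'NotInstalled' }

# 2. What does Defender Antivirus itself report about Tamper Protection?
$mp = Get-MpComputerStatus

# 3. Is a Group Policy value present that switches Defender Antivirus off?
$gpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$gp    = Get-ItemProperty -Path $gpKey -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    Onboarded              = ($onboarding -eq 1)
    SenseServiceStatus     = $senseStatus
    AMRunningMode          = $mp.AMRunningMode            # e.g. Normal or Passive
    RealTimeProtection     = $mp.RealTimeProtectionEnabled
    IsTamperProtected      = $mp.IsTamperProtected
    TamperProtectionSource = $mp.TamperProtectionSource   # which channel set the current state
    GpoDisableAntiSpyware  = $gp.DisableAntiSpyware       # empty when no such policy value exists
}
$report | Format-List

# Flag the conditions the reply calls out as blockers.
if (-not $report.Onboarded) {
    Write-Warning 'Device is not onboarded to Defender for Endpoint.'
}
if ($report.SenseServiceStatus -ne 'Running') {
    Write-Warning "Sense service state: $($report.SenseServiceStatus)"
}
if ($report.GpoDisableAntiSpyware -eq 1) {
    Write-Warning 'Group Policy value DisableAntiSpyware=1 is present.'
}
if (-not $report.IsTamperProtected) {
    Write-Warning 'Tamper Protection is currently off on this device.'
}
```

Running it before and after an MDM sync shows whether the policy actually reached the device and which source Defender attributes the setting to.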