Merge behavior for Attack surface reduction rules in Intune:

Attack surface reduction rules support a merger of settings from different policies, to create a superset of policy for each device. To learn more, see Attack surface reduction rules in the Microsoft Defender for Endpoint documentation.

Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed.

Attack surface reduction rule merge behavior is as follows:

- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:
  - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > Attack Surface Reduction.
  - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
  - Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline > Attack Surface Reduction Rules.
- Settings that do not have conflicts are added to a superset of policy for the device.
- When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
- Only the configurations for conflicting settings are held back.

Block Office communication apps from creating child processes

ASR rule: 26190899-1602-49e8-8b27-eb1d0a1ce869.
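
The merge behavior described above, modeled in Python as an added example (not Microsoft's or Intune's code) that can serve as a pre-deployment check for which rule settings would be held back on a device. The profile names, state strings, placeholder GUIDs, and the treatment of identical values as non-conflicting are assumptions, and `previous_merge` is one reading of the earlier behavior.

```python
from collections import defaultdict

# GUID quoted on this page: Block Office communication apps from creating child processes.
OFFICE_COMM_RULE = "26190899-1602-49e8-8b27-eb1d0a1ce869"
# Constructed placeholder IDs, not real ASR rule GUIDs.
RULE_A = "00000000-0000-0000-0000-00000000000a"
RULE_B = "00000000-0000-0000-0000-00000000000b"

# Constructed sample input: profile name -> {rule GUID: configured state}.
SAMPLE_POLICIES = {
    "Endpoint protection profile": {OFFICE_COMM_RULE: "Block", RULE_A: "Block"},
    "Attack surface reduction policy": {OFFICE_COMM_RULE: "Audit", RULE_A: "Block"},
    "Defender for Endpoint baseline": {RULE_B: "Audit"},
}


def _states_by_rule(policies):
    """Index every configured state by normalized (lowercase) rule GUID."""
    seen = defaultdict(dict)
    for profile, rules in policies.items():
        for rule_id, state in rules.items():
            seen[rule_id.strip().lower()][profile] = state.strip().lower()
    return seen


def merge_asr_policies(policies):
    """Current behavior: return (superset, held_back) for one device."""
    superset, held_back = {}, {}
    for rule_id, by_profile in _states_by_rule(policies).items():
        states = set(by_profile.values())
        if len(states) == 1:
            superset[rule_id] = states.pop()      # no conflict: merged
        else:
            held_back[rule_id] = dict(by_profile)  # conflict: not deployed
    return superset, held_back


def previous_merge(policies):
    """Earlier behavior as modeled here: profiles in conflict deploy nothing."""
    _, held_back = merge_asr_policies(policies)
    flagged = {p for by_profile in held_back.values() for p in by_profile}
    deployed = {}
    for profile, rules in policies.items():
        if profile not in flagged:
            deployed.update({r.strip().lower(): s.strip().lower() for r, s in rules.items()})
    return deployed, flagged
```

A rule that lands in `held_back` is configured in no policy's favor on the device, so each entry is a setting to reconcile before relying on that rule for protection.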