![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 46%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKN%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Other
Additional Microsoft Defender tools and services that provide security across various platforms and environments
If you have configured an Intune policy to disable Memory Integrity (Core Isolation) and it reports success but the setting remains enabled on the device, there could be several reasons for this behavior:
- Policy Application Delay: Sometimes, it may take a while for the policy changes to propagate to the device. Ensure that the device has synced with Intune and that the policy has been applied correctly.
- Local Group Policy Settings: If there are local Group Policy settings that enforce Memory Integrity, they may override the Intune policy. Check the local Group Policy settings to ensure they are not conflicting.
- Registry Settings: Memory Integrity settings can also be controlled via the Windows Registry. If the registry key for Memory Integrity is set to enabled, it may prevent the Intune policy from taking effect. You can check the registry key at
HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity. - Compatibility Issues: If there are compatibility issues with drivers or applications, they may prevent Memory Integrity from being disabled. Review the Code Integrity logs in Event Viewer to identify any blocked drivers that could be causing this issue.
- Reboot Requirement: Some changes may require a system reboot to take effect. Ensure that the device has been restarted after applying the policy.
If Virtualization-based Security is still showing as running despite being set to Disabled in the policy, similar checks apply. Ensure that there are no conflicting settings in local Group Policy or the registry, and check for any pending reboots that may be necessary for the changes to take effect.
References: