@Pierre Thank you for reaching out to us, As I understand you are trying to block SAM, LSA dump through MDE, Please refer to this blog - https://jeffreyappel.nl/detect-and-block-credential-dumps-with-defender-for-endpoint-attack-surface-reduction/ detailed explanation has been provided here.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.