Hello Woody Chiu at RASI,
Thank you for posting in Q&A forum.
Since your laptops are managed by Intune, you can create a policy to exclude the specific DLL from being blocked:
Create a Custom Configuration Profile:
Sign in to the Microsoft Intune admin center.
Go to Devices > Configuration profiles and click + Create profile.
Select Windows 10 and later as the platform and Custom as the profile type.
Click Create.
Add OMA-URI Settings: In the Configuration settings section, click Add.
Enter the following details:
Name: Exclude DLL from LSA Protection Description: Exclude the specified DLL from being blocked by LSA Protection.
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/LSAProtection Data type: String Value: Enter the path to the DLL you want to exclude, e.g., C:\Program Files\IBM\iAccessClient\yourdll.dll.
Assign the Profile: Assign the profile to the appropriate device groups.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.