This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am testing deeply some ASR scenarios and I discovered, that if I create 2 different objects behind Endpoint Security, one will audit X rule and another will block X rule, the Intune monitoring does not show any conflict. While working just with rules, I see no conflicts (I try to do so by purpose), but if I organize OFF/ON conflict within Controlled Folders, I will see the conflict.
Just wondering, is that by design? I apply both Audit and Block rules to All Devices collection (this is a test lab).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
@Pavel yannara Mirochnitchenko Thanks for posting in our Q&A.
For this issue, not sure if it is by design. It may need to confirm how the "conflict" of ASR rules defines. Honestly, I didn't find the related resource. Hope someone else can share some information.
I managed to get the conflict in monitoring by setting ALL asr rules to block and in another to audit. Conflict appeated immidiatelly. Now the question is, why some specific rule does not cause it, but some other does. The single rule I played before was WMI & PSexec block, that did not cause a conflict.
I also monitored local event logs with asr rules xml, and unfortunatelly that does not display the conflict coming from Intune policies.
It is suggested to create an online support ticket to get more help. Maybe can get some explain from the product team.
