What setting exactly in your ASR policy do you have configured that you believe is blocking PowerShell script execution (as there are no built-in rules that do this)?
Exclude PowerShell from ASR rule
Hi
In Endpoint security we have an attack surface reduction policy set up.
We noticed that this policy was preventing our PowerShell scripts from running from SCCM.
We made an exclusion here:
This allowed SCCM to execute scripts once the exception was made.
The issue, however, is that this will allow the end user to execute PowerShell scripts as well, since there is an exclusion.
Is there any way to let SCCM be excluded but still prevent users from running PowerShell scripts?
Thanks
-
Jason Sandys 31,196 Reputation points Microsoft Employee
2021-08-11T15:36:59.39+00:00
-
Jarvis Sun-MSFT 10,186 Reputation points Microsoft Vendor
2021-08-11T08:15:15.187+00:00
@berketjune2012 Thanks for posting in our Q&A.
We can use role-based access control and scope tags to make sure that the right admins have the right access and visibility to the right Intune objects. On the Scope Groups page, select the groups containing the users that you want to prevent running PowerShell scripts.
Please refer to: https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags