Application Guard status is error, even it is enabled

Question

From a machine, I locally see that Application Guard mode is enabled to Edge browser, but the Intune configuration policy has errors. Has anyone succeed in this? I see few other similar posts about same issue. I enabled Application Guard via ASR.

Answer 1

Hi,

Thanks for posting in Microsoft Q&A forum.

It's a little strange now. Please help check below event logs under Applications and Services Logs to see if we can find any useful information:
Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provide
Microsoft-Windows-WDAG-PolicyEvaluator-CSP
Microsoft-Windows-Windows Defender-Operational

Thanks for your time.

Best regards,
Simon

---

If the response is helpful, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

There are some or a lot errors in different Event Viewer nodes you mentioned, but nothing specific I can grap on. Some of errors are very cryptic so I don't understand what they are about. This event viewer "chaos" is a problem releated to MDM, which makes them partly unreadable without specific experience. Troubleshoting Group Polcies with Event Viewer was a lot easier.

Answer 3

Both, from new Security node and from old Configuration Profile \ Endpoint Protection, the App Guard deployment status goes read, even if all machines are actually using it. The feature is installed and Edge browser has new feature.

Answer 4

@Simon Ren-MSFT I discovered few things.

1. In event viewer I see this all the time:

2. All these settings are really off, even they are set to on in Intune.