Config manager endpoint protection and group policy and local settings

David Zemdegs 1,586 Reputation points
2022-07-10T22:50:30.847+00:00

Endpoint protection policies can be managed by using the CM console and by using group policies and by configuring locally. e.g. exclusions.
However, I haven't been able to find any reference as to what happens when they all apply, e.g. exclusions set in CM, GPO and locally.
Do CM exclusions override GPO exclusions or vice versa?
Or are they cumulative?
Do CM exclusions override locally configured exclusions or are they cumulative?
Thanks
David Z

Microsoft Configuration Manager

1 answer

  1. Rita Hu -MSFT 9,626 Reputation points
    2022-07-11T05:40:48.7+00:00

    @David Zemdegs
    Thanks for your posting on Q&A.

    Do CM exclusions override GPO exclusions or vice versa?
    As far as I know, we have deployed the Antimalware Policies for the Device Collection to manage the device by local group policy in MECM. If you use domain policies for endpoint protection, there are bound to be conflicts. You know the domain group policy will overwrite the local group policy. If you use MECM for computer management, it is prudent to apply other domain policies. This can lead to policy conflicts. Here are screenshots in my lab for your reference:
    The following device has been managed by MECM:
    [Screenshot: 219402-15.png]

    But the applied group policy is local group policy:
    [Screenshot: 219421-16.png]

    Hope the above will be helpful.

    Best regards,
    Rita

