Tamper protection helps protect certain security settings, such as virus and threat protection, from being disabled or changed. If you're part of your organization's security team, and you're using version 2006 of Configuration Manager, you can manage the tamper protection feature for devices by using a method called tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Intune admin center, and then deliver endpoint security configuration policies to on-premises collections & devices.
Using Configuration Manager with tenant attach, you can turn on (or off) the tamper protection feature for some or all devices.
Important
When tamper protection is turned on, tamper-protected settings can't be changed. To avoid breaking management experiences, including Intune and Configuration Manager, keep in mind that changes to tamper-protected settings might appear to succeed but are actually blocked by tamper protection. Depending on your particular scenario, you have several options available:
If you must make changes to a device but find that those changes are getting blocked by tamper protection, use troubleshooting mode to temporarily disable the tamper protection feature on the device.
Use Intune or Configuration Manager to exclude devices from tamper protection.
This module examines how to manage Safe Attachments in your Microsoft 365 tenant by creating and configuring policies and using transport rules to disable a policy from taking effect in certain scenarios. MS-102
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.