Posts

Showing posts from February, 2024

The curious case of Defender ASR rules not enforcing from Intune

It was a cold, gloomy day when I set out on a mission to fix an issue involving ASR rules, something I may have done a dozen times, so I said to myself, why should it be any different this time? But if history has taught me anything, it is that no two issues are the same, however much they resemble each other, and that for every issue there is a possible solution. You just have to stay relentless and you will eventually make it to the other side. The issue: it all began with the ASR rules in 'block mode' starting to block macros on a set of devices. Pretty routine at this stage, as the logical thing to do is either to configure the necessary exclusions or put the relevant ASR rule in a non-restrictive state like 'Audit' mode. The problem was that no matter what changes I made to the ASR rules, they simply didn't make any difference. Macros continued to be blocked and the events in Advanced hunting confirmed the same. When I checked the registry on the devices in que

What is scanAvgCPULoadFactor in Microsoft Defender Antivirus and when can it get ignored?

If you manage Windows Defender AV settings, then you have probably come across scanAvgCPULoadFactor in some shape or form. In Intune, the setting is called 'Avg CPU Load factor', which is based on the same setting available in the GPO ADMX template. 'Avg CPU Load factor' is used to specify the maximum percentage of CPU usage for a scan. The acceptable values for this parameter are integers from 5 through 100, and the value 0, which disables CPU throttling. Windows Defender does not exceed the percentage of CPU usage that you specify. The default value is 50. While working on an implementation project for Defender for Endpoint, the customer pointed out to me that they were noticing some performance issues after onboarding to Defender for Endpoint, and it was soon concluded that the issue could be due to AV scan configuration settings. According to Microsoft - It is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on ave