We have defender for endpoint and since past couple of days, we are most of powershell scripts are trying to elevate. Earlier they were running in passive mode. Also many applications including intune pushed scripts are giving Yes/No Promts (Configured in policy). As it was working fine earlier and suddenly started this issue. Anyone else facing the same?
Question
Getting prompts for powershell for normal automated scripts
A few things to take into consideration?
The majority of stuff that is pushed from Intune should happen in the context of system, and should not be affect by EPM policy unless you have created rules that target those.
If the above is not the case, then we must have rules that targets those PowerShell scripts by accident.
To resolve that:
Make a copy of current policy, assign it to another group and move a single client over.
Change the policy design to Raise a local event on all rules.
Apply the policy and check the local Events in the Event Viewer and it will tell you what rule we hit.
KR Jens
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.