This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 56.00000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Company has two (2) VMs hosted in Azure. These VMs use Windows Defender as their Antivirus solution and recently (2-3 months ago), Company's Secure Score has been negatively affected for Windows Defender metrics; applicable to the two VMs. Secure Score has dropped from 7x% to 5x%.
The remediation steps have suggested – 1. Ensure Windows Defender is enabled along with real-time protection, cloud delivery etc. 2. Create and apply ASR rules
Remediation step 1 above has been actioned manually on the VMs but the issue now lies with applying the ASR rules.
Steps taken thus far:
I require assistance in determining why the policy status is “Not Applicable” and measures that can be taken to rectify the issue.
how are you trying to enable ASR rules? Normally this is one via powershell if it's for servers.
@SMB Thanks for posting in our Q&A.
If we want to use ASR policy, it is needed to meet some requirements. Please refer to the following article to do some check:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#requirements
If there is anything update, feel free to let us know.
I am trying to enable it from Microsoft Endpoint Manager Admin Center > Endpoint Security > Attack Surface Reduction.
Hello,
The Azure VMs are Server 2019 with Microsoft Defender Antivirus (with real time protection enabled) and cloud delivery protection on as well. All licenses within my tenant are M365 E5.
I used the same approach in creating an A
V Policy which applied successfully.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 10%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQS%3C/text%3E%3C/svg%3E)
Hi SMB
Did you find a resolution to the ASR rules you tried to apply to servers? am getting same error you had.
I have applied a ASR rule from Endpoint Security and getting "Not Applicable"
when i setup a antivirus policy it works.
Can you assist please
Quintin
Yep, I'm getting exactly the same issue myself as well... AV policy on servers is working perfectly. ASR policy is getting 'Not Applicable' for the ASR rules, but the 'Enable Controlled Folder Access' option in the same policy does show 'success'...
Servers are a mix of 2016, 2019 and 2022.
We know that Intune can apply ASR policy onto Servers nowadays, but now we can use Defender to create and apply policy 'direct'...
I've since deleted the Intune ASR policy, and created the ASR policy directly within the Defender Portal, which showed no change. I've since deleted that and re-created the policy minus the 'Enable Controlled Folder Access' setting (left to 'not configured'). This time, rather than showing 'Success' for the policy being pushed out, it's now showing 'Not Applicable' (presumably because the 'whole' policy is now not applicable, rather than the 'Enable Controlled Folder Access' succeeding, and the ASR polices being 'Not Applicable')...
Whichever way, I've got no idea why this is happening!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 19%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hi
I am experiencing exactly the same issue. I have targeted an AV policy and an ASR policy at a group which includes MDE managed servers. The AV policy is being successfully applied but the ASR policy is showing as "not applicable".
I suspected it might be because we only had "Microsoft Defender for Endpoint Server" licenses in out tenancy so I got our CSP to add a Defender Endpoint P2 license but the problem still remains.
Anyone able to offer advice/troubleshooting on this one?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 42%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA9%3C/text%3E%3C/svg%3E)
I've got a similar issue, misconfiguration. We have MDE-Management turned on for Servers, so in theory, Intune is not a part of the solution. All policies work fine besides ASR, so my question: is it possible to manage ASR policies via MDE or do we need to onboard servers to intune? in my case licensing type is direct onboarding by script, but servers via Arc and VM in Azure same story. Any solution or configuration advise ? /A
Hi Adam, can you please explain step by step what you did to get it to work, so we can try doing the same thing. Thanx Quintin
Edit ASR policy (in my case for now it was Audit policy) and set it like on the picture below.
This you can find in Endpoints section / Configuration management and it is in security.microsoft.com blade. My machines are “MDE-Management”
do You have turned on enforcement scope in MDE ?
And also interesting article
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md
Regards
/Adam
Hi Adam
Thanx for posting this. I only have the "Windows Server Devices" selected the Windows client Devices" are managed from Intune and working correctly.
For some reason the ASR rules as still not applied from Intune to the servers,
have noticed that the Antivirus and Firewall Rules are applied to the server and working correctly, just the ASR Rules are not working.
The image above shows PowerShell of the ASR Rules, not applied to the server. any other ideas why this is happening? or what i can do to solve this? Thanx Quintin