Attack Surface Reduction policy breaks creating new session hosts

Using Manager for MSP.

When creating a new session host, it would get to "Join to ARM AVD" then fail. Support pointed me to this article which worked for a few minutes:
https://nmmhelp.getnerdio.com/hc/en-us/articles/30697922879501-Attack-Surface-Reduction-AVD-exclusions?brand_id=656158

I found that this reverts back, and it's so frequent that it will often interrupt the build of a new session host.

At the MSP level, under Policy Management > Endpoint Security Policy, is an NMM Attack Surface Reduction policy, but it cannot be edited. Even if I clone and edit, I have no idea what to change.

I worked with support but they had no idea this exists and don't know what to do.  We don't have enhanced support.
This should reference the case if internal staff look: id967YV3-2KY0J

My workaround is to simply disable Defender integration. Not desirable, but the only way I could make this work.
 

Is there a way to address this?


Comments (4 comments)

David Sain

Pretty quiet out here.  Guess nobody knows how to address this issue.  Will just have to leave Defender integration turned off.

Dave Stephenson

Hey, David Sain, that doesn't look like one of our Ticket IDs, but I was able to find your ticket in our system.

As far as I've seen, working with partners on the Enhanced Support side, our KB on ASR exclusions works.
That policy you're referencing isn't customized for AVD environments, but by following the KB and then importing the updated policy, it should work for you the same way it does in our KB/Testing. 🙂

David Sain

Hi Dave.  

THANK you for a response. The problem is that adjustment is temporary (following the KB) and is overwritten within 30 minutes. I tried to import the updated policy right away and that didn't work. I'll have to try it again because maybe it was overwritten before I could import the updated policy. This process requires the luck of timing so it isn't overwritten, and I wasn't that lucky.

David

Dave Stephenson

Haha. I think we're all a little crazy at times.

It sounds like you might have a conflicting policy that's overwriting your changes.
I'd recommend talking to your Partner Success Manager about possibly getting some time with our Enablement Team.
I'm guessing with one session with them, it'll help your team better understand how our Modern Work policy management is supposed to work.

 
