When configuring Intune \ ASR (Attack Surface Reduction) policies for Windows Servers.

Why will the ASR policies not apply??

There is one setting in Intune\ Endpoint Security that is not compatible with ASR policies assigned to Windows severs, which is applicable to both Defender for Endpoint for servers plan 1or 2.

Within the ASR policy the following policy needs to remain – ‘Not Configured’

Once this policy remains ‘Not Configured’ , ASR rules can successfully apply to servers that are protected with Microsoft Defender for Server plan 1 & 2

Ref: https://www.linkedin.com/in/paul-costello-12950a101/