From 6126412a3d940ec9b200e1b7c3b04749dcad4ee5 Mon Sep 17 00:00:00 2001
From: Andrew John Porter <53306271+andrewjohnporter@users.noreply.github.com>
Date: Mon, 7 Oct 2024 23:37:19 +0100
Subject: [PATCH] Update
 prevent-changes-to-security-settings-with-tamper-protection.md

added further detail around tamper protection and group policy
---
 ...event-changes-to-security-settings-with-tamper-protection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md b/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
index a864800546..f0a375cada 100644
--- a/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -108,7 +108,7 @@ You can use Microsoft Intune and other methods to configure or manage tamper pro
 | Use the [Windows Security app](manage-tamper-protection-individual-device.md). | Turn tamper protection on (or off) on an individual device that isn't managed by a security team (such as devices for home use). See [Manage tamper protection on an individual device](manage-tamper-protection-individual-device.md).<br/><br/>*This method doesn't override tamper protection settings that are set in the Microsoft Defender portal, Intune, or Configuration Manager, and it isn't intended to be used by organizations.* |
 
 > [!TIP]
-> If you're using Group Policy to manage Microsoft Defender Antivirus settings, keep in mind that any changes made to tamper-protected settings are ignored. If you must make changes to a device and those changes are blocked by tamper protection, use [troubleshooting mode](enable-troubleshooting-mode.md) to temporarily disable tamper protection on the device. After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state.
+> If you're using Group Policy to manage Microsoft Defender Antivirus settings, keep in mind that any changes made to tamper-protected settings are ignored. If you must make changes to a device and those changes are blocked by tamper protection, use [troubleshooting mode](enable-troubleshooting-mode.md) to temporarily disable tamper protection on the device. After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state. To change the values on tamper-protected settings permanently you will need to disable tamper protection temporarily before turning it back on after the settings have changed. This obviously presents security risks and will not work on devices that are offline when tamper protect was temporarily disabled. This is a strong argument for using other management methods for Defender settings, like Intune, over Group Policy.
 
 ## Protect Microsoft Defender Antivirus exclusions