![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 53%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Other
Other Intune-related topics, including unsupported scenarios and platform-specific behaviors
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Hello Arunkishore,
Thank you for reaching out. Here are some troubleshooting steps that you can take
To ensure Memory Integrity (HVCI) and Local Security Authority (LSA) protection are properly enforced on Windows 11 23H2/24H2 devices via Intune, use the Settings Catalog to configure Virtualization-Based Security (VBS) and set HypervisorEnforcedCodeIntegrity = Enabled with UEFI lock, which makes the Windows Security UI show “Managed by your administrator” and prevents user toggling. Confirm hardware prerequisites (UEFI, Secure Boot, virtualization extensions) and remediate incompatible drivers, as these are the most common blockers for HVCI activation. Remove legacy GPO or ConfigMgr conflicts, ensure policy deployment succeeds, and validate compliance using msinfo32 or PowerShell checks. Roll out in phases: pilot readiness (driver inventory), enforce with UEFI lock, then expand. Use proactive remediation scripts and Endpoint analytics for monitoring, and keep LSA protection enabled via Intune account protection policies.
I hope this helps