Has anyone here figured out a way of disabling Tamper Protection on Windows 11 24H2 in an automated fashion during image build? It seems to be unbeatable

Early domain join with GPO disabling it won't work?

You can’t, as it’s on by default, so allowing it to be “tampered” with in a automated fashion is what it’s there to protect against. You either have to turn it off manually (personal device) or use Intune in the Defender Portal (corporate)

If you can do it with Intune, you should be able to do it with automation. It just requires the right elevation and process

If it’s not native in Powershell or in a Windows API you can easily call, then anything else would be hacking just like this https://www.alteredsecurity.com/post/disabling-tamper-protection-and-other-defender-mde-components

Yeah this is a pain. You can configure GPOs, but need to manually go in and disable tamper protection for any of it to take effect.

Where there is a will, there is a way 🙂

Thought you’d “sorted” it for a minute then and was waiting for the link to your blog post 🤣

You are too quick, i edited the message - eagle eyes