Update prevent-changes-to-security-settings-with-tamper-protection.md

andrewjohnporter · web-flow · commit 6126412a3d94 · 2024-10-07T23:37:19.000+01:00
added further detail around tamper protection and group policy
diff --git a/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md b/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -108,7 +108,7 @@ You can use Microsoft Intune and other methods to configure or manage tamper pro
 | Use the [Windows Security app](manage-tamper-protection-individual-device.md). | Turn tamper protection on (or off) on an individual device that isn't managed by a security team (such as devices for home use). See [Manage tamper protection on an individual device](manage-tamper-protection-individual-device.md).<br/><br/>*This method doesn't override tamper protection settings that are set in the Microsoft Defender portal, Intune, or Configuration Manager, and it isn't intended to be used by organizations.* |
 
 > [!TIP]
-> If you're using Group Policy to manage Microsoft Defender Antivirus settings, keep in mind that any changes made to tamper-protected settings are ignored. If you must make changes to a device and those changes are blocked by tamper protection, use [troubleshooting mode](enable-troubleshooting-mode.md) to temporarily disable tamper protection on the device. After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state.
+> If you're using Group Policy to manage Microsoft Defender Antivirus settings, keep in mind that any changes made to tamper-protected settings are ignored. If you must make changes to a device and those changes are blocked by tamper protection, use [troubleshooting mode](enable-troubleshooting-mode.md) to temporarily disable tamper protection on the device. After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state. To change the values on tamper-protected settings permanently you will need to disable tamper protection temporarily before turning it back on after the settings have changed. This obviously presents security risks and will not work on devices that are offline when tamper protect was temporarily disabled. This is a strong argument for using other management methods for Defender settings, like Intune, over Group Policy.
 
 ## Protect Microsoft Defender Antivirus exclusions
 
