I got confirmation from MS support back in August, but forgot to update here.

There is no fix as such, but the following workarounds are officially the way to go:

#1 Delete the classic CA policy "[Windows Defender ATP] Device policy"


#2 Exclude an admin group from the classic CA policy.

Expand full comment

Thanks for this, had the same issue. Am asking Microsoft support about it, so will advise if they say anything useful.

Expand full comment

Did Microsoft Support provide a fix yet?

Expand full comment