Huntress exclusions don't work currently when Local Admin Merge is set to disabled in InTune / GPO. This is a big problem because tamper protection doesn't work as effectively when local admin merge is allowed. For example it can potentially allow a threat actor to modify exclusions by installing a third party AV. See https://www.techradar.com/pro/security/hackers-can-turn-off-windows-defender-with-this-sneaky-new-tool for the PoC See https://www.linkedin.com/feed/update/urn:li:activity:7332012513137475585/ for an excellent write-up on the subject and why turning off Local Admin Merge, in addition to enabling Block Mode + Tamper Protection is a necessety. Huntress either needs to enforce disallowing local Defender exclusions from its side or it needs to work with local admin merge being disabled on the InTune / GPO side. This is a big gap that should be prioritized IMHO.
