Intune compliance policy with mandatory Sophos endpoint protection installation

Funny you should mention it, I'm just embarking upon the same just now.

If Sophos (we've got InterceptX) isn't installed, it's like InTune is picking up Windows Defender and thus marking the device as compliant.

However, the moment InterceptX is installed (and thus I think not registering itself Windows Security Centre) InTune marks the device as non-compliant.

This would lead me to believe that InterceptX isn't (either properly, or at all?) registering with WMI as that's where Action Center gets its information from (and thus where InTune also gets it from).

Will come back if I find anything more pertinent/useful.

Funny you should mention it, I'm just embarking upon the same just now.

If Sophos (we've got InterceptX) isn't installed, it's like InTune is picking up Windows Defender and thus marking the device as compliant.

However, the moment InterceptX is installed (and thus I think not registering itself Windows Security Centre) InTune marks the device as non-compliant.

This would lead me to believe that InterceptX isn't (either properly, or at all?) registering with WMI as that's where Action Center gets its information from (and thus where InTune also gets it from).

Will come back if I find anything more pertinent/useful.

Found a little more:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/virus-initiative-criteria

One would assume Sophos have gone through all these hoops?

More annoyingly, going into the security centre on the laptop I'm testing with, it shows (and forgive the image quality)

I feel like I'm missing something obvious.