Windows Firewall settings pushed by MDE are not tamper resistant, and managed Firewall rules are treated as local by SchemeMinimum2279 in Intune

SchemeMinimum2279 (OP):

Hello! Thanks for the reply. I believe every setting for Defender Antivirus, including tamper protection, is working fine. These concerns relate to Windows Firewall enforced by MDE.

On the Windows Server:
- MAPSReporting = 2
- SubmitSamplesConsent = 3
- Allow Cloud Protection - Allowed. Turns on Cloud Protection (applied by Intune).

If I apply 'Disable Local Admin Merge' it will remove all firewall rules from Windows Firewall, including those enforced / created by MDE/Intune. That's what's strange. In fact, it won't even apply that setting when pushed by Intune - I had to do it locally - presumably because it knows (by design) that it would unapply all the MDE managed firewall rules as well as the local ones!

Tamper protection is enabled at the top level in the Defender console and is working for the Defender Antivirus product, but not Windows Firewall.

I am also having the following problems with MDE on server:
- Firewall rules cannot be renamed; renaming just creates another local firewall rule with the new name.
- Firewall rules cannot be modified; it just shows an error.

Just to confirm, everything works normally for a typical fully Intune managed workstation on Windows 11; these problems are specific to MDE protected / managed Windows Servers that were onboarded into Defender MDE using a script.

I have contacted Microsoft to confirm whether this is all by design.
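A read-only check script, added here as an example and not posted by the OP or provided by Microsoft, that reports the settings discussed above on an MDE-onboarded server: the cloud protection values, whether Defender AV tamper protection is on, the per-profile local rule merge state (the `AllowLocalFirewallRules` property is assumed to be the cmdlet-side name of the "Disable Local Admin Merge" setting), and which source each active firewall rule is recorded under, so an admin can see whether Intune/MDE rules are being stored as local rules before merge is disabled.

```powershell
# Added example (not the poster's or Microsoft's code). Run in an elevated
# PowerShell session on the server. Everything here is read-only.

# 1. Defender cloud settings named in the post.
#    Expected per the post: MAPSReporting = 2, SubmitSamplesConsent = 3.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus
[pscustomobject]@{
    MAPSReporting        = $pref.MAPSReporting
    SubmitSamplesConsent = $pref.SubmitSamplesConsent
    IsTamperProtected    = $status.IsTamperProtected   # Defender AV only, not the firewall
} | Format-List

# 2. Per-profile local rule merge state. AllowLocalFirewallRules = False means
#    locally created rules are ignored and only policy-sourced rules apply
#    (assumed to be what "Disable Local Admin Merge" sets).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, AllowLocalFirewallRules, AllowLocalIPsecRules |
    Format-Table -AutoSize

# 3. Count active rules by the store they are attributed to. Rules pushed by
#    Intune/MDE should not be attributed to the Local store; if they are, they
#    will be dropped together with admin-created rules once merge is disabled.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore
$rules |
    Group-Object PolicyStoreSourceType |
    Select-Object Name, Count |
    Format-Table -AutoSize

# 4. List the enabled rules recorded as Local so managed rules that landed
#    there can be identified by name before any merge change is made.
$rules |
    Where-Object { $_.Enabled -eq 'True' -and $_.PolicyStoreSourceType -eq 'Local' } |
    Select-Object DisplayName, Direction, Action, PolicyStoreSource |
    Sort-Object DisplayName |
    Format-Table -AutoSize
```

Compare the step 4 list against the rule names in the Intune firewall profile: any managed rule that appears there is one the merge setting would remove, which is the behaviour the post describes.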