To reconcile Defender for Endpoint Attack Surface Reduction governance drift, inventory every ASR rule by Microsoft’s shared rule identity — Intune name, GUID, and advanced hunting action type — then compare that identity across Defender portal reporting, Intune policy, Configuration Manager...