I added a custom exclusion to our Windows Protect policy after it started blocking the Edge browser. The new policy will not update on our endpoints and I can't figure out why. I keep getting "Policy is Up to Date" when I sync but then I scroll down and look at the listed exclusions and what I added isn't on the list.
If I download the exclusion XML it includes the exclusion that I just added. When I look at events for policy updates there are updates happening since I've made the change, but they're not listing the current serial number of the policy. If I click on the policy link listed in the event it takes me to the policy that I've added the custom exclusion to, shows the custom exclusion, and shows a higher serial number.
I've gone into the settings for the policy and the Heartbeat Interval is set to 15 minutes, so it should have picked up the change to the policy.
Can anyone tell me if I'm missing a step somewhere? Why are the endpoints refusing to use this policy? Nothing recent is showing up tagged with Policy Update Failure, so I'm at a complete loss.
What am I missing?