When attempting to add an Azure Stack HCI OS 22H2 cluster or node to Veeam Backup & Replication, the following error occurs:
Your organization used Device Guard to block this app. Contact your support person for more info. Failed to start service 'VeeamDeploySvc'. Host: 'x.x.x.x'. Failed to start deployment service on the target host
By default, the Azure Stack HCI OS 22H2 Supplemental Package has Windows Defender Application Control (WDAC) enabled and running in the enforcement mode. WDAC is a software-based security layer that reduces the attack surface by enforcing an explicit list of software that is allowed to run. WDAC limits the applications and the code that can run on the core platform.
To allow third-party non-Microsoft signed software to run on Azure Stack HCI nodes, a WDAC supplemental policy provided by the third-party software vendor must be installed.
The supplied XML policy is already linked to an Azure Stack HCI base WDAC policy {A6368F66-E2C9-4AA2-AB79-8743F6597683}
Alternatively, you can use the RefreshPolicy.exe tool:
C:\wdac\RefreshPolicy.exe Rebootless ConfigCI Policy Refreshing Succeeded!
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case