Policy mismatch (Threat Defense for Active Directory) shows for some clients while other clients belonging to the same group can apply the policy with no issue.
Windows with Hypervisor enforced Code Integrity enable.
Hypervisor enforced Code Integrity is enable and not supported for TDAD.
https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity
TDAD does not support Hypervisor enforced Code Integrity.
CRE-11146