Starting in 9.0R3 release, Windows Device Guard feature is supported with Pulse Secure Application Manager (Pulse SAM) with the Pulse Desktop Client. This feature is not supported with Legacy WSAM.
For Pulse SAM to work in versions prior to 9.0R3, it is necessary to disable HVCI options locally on the client PC as well as in the GPO.
Refer to the following Tutorial
for steps on disabling HVCI options for Device Guard and Credential Provider with or without UEFI lock enabled.
Note: It is still possible to use Windows Defender Application Control
with Pulse SAM. The conflict is specifically with Device Guard and Credential Provider options.