Forum Discussion

ggaurav79's avatar
ggaurav79
Copper Contributor
Oct 11, 2023

ATP sensor moved to another tenant is still showing in former tenant

We have uninstalled ATP sensor from Tenant1, then re-installed with ATP sensor package downloaded from Tenant2, this was done a few months ago, but they are still reporting under "Microsoft secure score" with recommended action "install defender for identity sensor on all domain controller". I have verified they are not listed under identities > sensors list. Do any one has similar issue? is there a fix to remove the moved sensors from former tenant's "Microsoft secure score"?

  • The score should be calculated every day. The process to do this starts at about 1AM pacific time but it will take a few hours to run.
    • ggaurav79's avatar
      ggaurav79
      Copper Contributor
      Sorry, my bad, forgotten to add that it was done a few months ago, if you know any fix
  • thalpius's avatar
    thalpius
    Brass Contributor
    If you have a sensor running in a domain reporting to tenant1, then this sensor will report that there are Domain Controllers without a sensor. So, it's not about where the sensor is installed, but if there is still a sensor running which reports to the cloud that there are Domain Controllers without a sensor.

    Note: Even though there are still some references from "Azure ATP" in the product, the product is called Microsoft Defender for Identity for a long time 🙂
    • ggaurav79's avatar
      ggaurav79
      Copper Contributor

      thalpius Yes and agreed what you said ! I knew and understand that even one installed sensor will report if there are any other domain controllers missing the MIDI setup in same domain.
      Though, the problem is, regardless that we have removed them from one tenant, they are still coming in Secure score report which they shouldn't. I have already reported a case to Microsoft.

Resources