Forum Discussion
Onboard devices in Purview is grayed out
I’m getting started with Microsoft Purview and running into issues onboarding devices. In the Purview portal, no devices appear, and the “Onboard devices” option is grayed out.
I have EMS E5 licenses assigned to all users, and I’m signed in as a Global Admin with Purview Administrator and Security Administrator roles. All devices are managed by Intune and run Windows 11 Enterprise with the latest updates. They are Microsoft Entra joined (AAD joined), show up correctly in Defender, and their Defender onboarding status is active and onboarded.
What piece am I missing that would prevent these devices from showing in Purview and keep the onboarding option disabled? Any guidance would be appreciated.
5 Replies
Hello, Do not forget in parallel of licensing model, to add roles with your admin account to be allowed to onboard devices with specific = Security Administrator (onboarding devices from Defender) and/or Compliance Administrator (from Purview) to onboard devices from one of these portals. You will then be proposed different on-boarding scripts or packages Intune/Jamf for MacOS + Windows . In our organization we use the Entra PIM Privileged Identity management for activation of these 2 critical roles during a limited periods of time Max 4h . We are also using another end-point Threat Prevention provider Crowd strike Falcon sensor in parallel of MsDefender. If it is the case need to set Passive mode for Threat prevention settings to avoid any confilcts (not done automatically for example on some Win 22 servers) . FYI we are struggling now on the Data Loss prevention module activation on MacOS devices only. We have a incident support with Microsoft experts on this.
Thank you for providing all this detail. I added the compliance administrator and security administrator roles to the account I was using to onboard devices. The devices that were Intune and Defender have now shown up in Purview.
Thank you for the response. The information around this topic is confusing at first. Your guidance helped point me in the right direction. It turns out the issue wasn’t technical at all, it was related to licensing. After acquiring M365 E5 licenses, I was able to onboard devices successfully.
I’m also sharing a couple of links here that explain this in more detail, in case it helps anyone else who runs into the same problem in the future.
https://www.microsoft.com/licensing/guidance/Microsoft-Purview?msockid=1e363bca68d467792c8f2e1f69f16608
https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-purview-service-description#microsoft-data-loss-prevention-endpoint-data-loss-protection-dlpIt can be any of the following licences, not just M365 E5
- Microsoft 365 E5/A5/G5
- Microsoft Purview Suite/EDU/GOV/FLW
- Microsoft Defender + Purview Suite FLW
- Microsoft 365 E5/A5/F5/G5
- Information Protection & Governance
EMS E5 does not cover the advanced Purview features. To onboard devices into Purview for Endpoint DLP and IRM requires one of the following licenses Microsoft 365 E5/A5/G5, Microsoft Purview Suite/EDU/GOV/FLW and Microsoft Defender + Purview Suite FLW, Microsoft 365 E5/A5/F5/G5 Information Protection & Governance. More info Microsoft Purview service description - Service Descriptions | Microsoft Learn
