thomidwi
Copper Contributor
Nov 29, 2024

When onboarding a device using the DFE (Device Functionality Enhancement)

When onboarding a device using the DFE (Device Functionality Enhancement) onboarding script, the device should successfully enroll in Microsoft Defender for Endpoint (MDE) and show as "Managed" in the Defender portal. However, if the device displays as "Managed by Unknown" and the "MDE Enrollment Status" is shown as "N/A," it means the device has not been properly enrolled or linked to Defender for Endpoint.

  • Mks_1973
    Iron Contributor

    The device has not successfully enrolled in Microsoft Defender for Endpoint (MDE):

    First you need to verify the prerequisites:
    Verify that the correct Microsoft 365 Defender or Microsoft Defender for Endpoint licenses are assigned to the user or device.
    Ensure the device has access to all required Microsoft Defender for Endpoint URLs and IP addresses. Refer to the Microsoft Endpoint URLs documentation.
    Confirm the device OS version is supported by MDE. For Windows, ensure it's running a supported version of Windows 10/11 or Server.
    The onboarding script must be run with administrative privileges.

    Check the onboarding script's log file. Logs are typically found in:
    C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Logs
    (Then look for errors indicating failure during the onboarding process.)

    Run the script manually using Command Prompt or PowerShell with administrative rights:
    powershell -ExecutionPolicy Bypass -File OnboardingScript.ps1
    (The script should provide an output confirming enrollment success.)

    Run the following command in PowerShell to confirm the MDE client status:
    Get-MpPreference

    Check the registry key to confirm onboarding:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status

    Go to the Microsoft Defender for Endpoint portal and search for the device by name or ID.
    Confirm that the device appears as Managed in the portal.
    If the status is still "Managed by Unknown" or "N/A," the device has not successfully communicated with the MDE service.

    Ensure the device can communicate with the MDE service:
    Test-NetConnection -ComputerName wdatp.microsoft.com -Port 443
    (If this fails, verify proxy or firewall configurations.)

    Check for third-party antivirus or endpoint protection solutions that might conflict with MDE.
    Disable or uninstall conflicting software, if possible.

    Remove the device from MDE using the offboarding script, then reapply the onboarding script.
    Download the latest scripts from the Defender portal.

    Reboot the device after onboarding. Some configurations take effect only after a restart.
    Check Event Viewer for logs related to Defender for Endpoint.

    Force the device to sync with the Defender for Endpoint service:
    Start-MpWDOScan
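
The local checks from the reply above (registry status key, Defender client state, port 443 reachability and the sensor's event log) can be collected in one read-only pass from an elevated PowerShell session. This is an added example, not code from the post or from Microsoft; it assumes the `OnboardingState` value under the `Status` key, the `Sense` service name and the `Microsoft-Windows-SENSE/Operational` event channel as documented publicly by Microsoft.

```powershell
# Added example: read-only MDE onboarding health check. Run as administrator.
# Assumed names (from public Microsoft docs, not from the post): OnboardingState,
# the Sense service, and the Microsoft-Windows-SENSE/Operational event channel.

$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$result = [ordered]@{}

# 1. Registry: OnboardingState = 1 means the onboarding script completed.
$state = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
$result.OnboardingState = if ($null -eq $state) { 'missing' } else { $state }

# 2. Service: Sense is the MDE EDR sensor; it must exist and be running.
$sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
$result.SenseService = if ($sense) { $sense.Status } else { 'not installed' }

# 3. Antimalware client: confirm the Defender engine service is enabled
#    (a third-party AV can leave it in passive or disabled mode).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$result.AMServiceEnabled = if ($mp) { $mp.AMServiceEnabled } else { 'unknown' }

# 4. Network: TCP 443 to the MDE endpoint named in the reply; a failure here
#    usually points at proxy or firewall configuration.
$net = Test-NetConnection -ComputerName wdatp.microsoft.com -Port 443 -WarningAction SilentlyContinue
$result.Port443Reachable = $net.TcpTestSucceeded

# 5. Recent errors (Level 2) from the sensor's own event channel.
$errors = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SENSE/Operational'; Level = 2 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue
$result.RecentSenseErrors = @($errors).Count

[pscustomobject]$result | Format-List

if ($result.OnboardingState -ne 1 -or $result.SenseService -ne 'Running') {
    Write-Warning 'Device is not fully onboarded: re-run the onboarding script as administrator and review the log folder.'
}
if ($result.RecentSenseErrors -gt 0) {
    Write-Warning 'Sense reported recent errors; inspect Microsoft-Windows-SENSE/Operational in Event Viewer.'
}
```

If the device shows OnboardingState 1, a running Sense service and a reachable endpoint but still reads "Managed by Unknown" in the portal, the remaining step from the reply (offboard, re-onboard with the latest script, reboot) is the one left to try.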
