Forum Discussion
Solved
Devices are not showing logged on users
The environment is hybrid with devices being managed by Intune. We are also using Microsoft Defender for Business so maybe that's why this feature isn't working. On Settings > Endpoints > Adv...
- Sure enough, another little thing to keep us down.
Their reply:
"I have noticed that you are currently having Defender for Business. Defender for Business will not let you see the currently logged-on user of a device, can't see device groups, and detection rules. This is the reason why you are not seeing currently logged in users. "
The logged on user shows in Intune. Why they can't show it in Defender is just stupid games. I asked for the documentation explicitly stating this limitation.
Sure enough, another little thing to keep us down.
Their reply:
"I have noticed that you are currently having Defender for Business. Defender for Business will not let you see the currently logged-on user of a device, can't see device groups, and detection rules. This is the reason why you are not seeing currently logged in users. "
The logged on user shows in Intune. Why they can't show it in Defender is just stupid games. I asked for the documentation explicitly stating this limitation.
Their reply:
"I have noticed that you are currently having Defender for Business. Defender for Business will not let you see the currently logged-on user of a device, can't see device groups, and detection rules. This is the reason why you are not seeing currently logged in users. "
The logged on user shows in Intune. Why they can't show it in Defender is just stupid games. I asked for the documentation explicitly stating this limitation.
Wow that’s quite annoying! Really appreciate you posting the reason. I’m starting to feel pretty **bleep** because I was the one pushing to drop our existing platform and move to Defender because it was included with our M365 BP licenses and that it was basically P1 and parts of P2. I really wish more of these limitations were clearly stated. Their “what’s in DfB” chart that highlights parts of P1 and P2 needs to specify that just because all of the P1 features are includes, it’s NOT DfE P1. Sigh.
- Overall, I'm pretty happy with Defender for Business and the Intune management of the Security Baselines, ASR rules, Firewall, BitLocker, etc. It's all pretty solid.
It's the little things they do, like this, to keep this sku different from P2. It's just annoying.- But it's also not even considered P1 (even though it has every bulleted feature). Take Device Groups for example (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldwide). It requires Defender for Endpoint P1 or P2 but it does not work in DfB.