Forum Discussion
Inactive devices in security center but online in SCCM
All,
We run a report of devices in Security Center which have been more than 28 days inactive, then we compare that list with a report of SCCM where devices has been online the last 28 days. How is it possible that we have more than 50 devices which has been inactive in security center but online in SCCM?
Also we see devices 4 times in the device discovery with last seen dates of 10 and 13 june and 8 and 16 july.
Does anyone know if there is something wrong with the reporting functions of defender for endpoint?
Best regards
Arjan
2 Replies
yongrheemsftMicrosoft
Hello Arjan Veen, van,
There is a possibility that you'll might be experiencing network connectivity issues. One of the common issues is that there is SSL inspection in the firewall/proxy. The MDE URL's that use the Azure infrastructure, prevent man-in-the-middle attacks, thus, the SSL packets cannot be inspected. The URL's are listed here: https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commercial.xlsx Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide
Thanks,
Yong Rhee - MSFT- Thanks for this information, we are going to investigate this!
Best regards
Arjan