Forum Discussion
Please delete this post
- AhmedBadawy (Copper Contributor)
I would believe this is normal. The first task of the script is to run the service. When you open CMD of the onboarding script, check line 82.
It should start with
"echo Starting the service, if not already running"
I believe you are onboarded correctly. If you would like to ensure you are reporting to the correct tenant, run the test threat script, which you can download from the security portal. It should be reflected to the tenant in 5 minutes as a threat under this specific server status.
You can also check if the correct Tenant ID has been set on your machine. You should get your onboarding tenant ID from the script line 63 under reg key "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection". According to the message you displayed, your onboarding didn't fail; it was a success.
Hope this helps
- jbmartin6 (Iron Contributor)
I think you would have to wipe the machine if you don't have access to the original tenant to generate the signed offboarding package. I could be wrong, I am relatively new at this, but AFAIK this is by design, we don't want attackers to be able to simply offboard machines to cover their tracks.