Forum Discussion
burnettc
Nov 23, 2020 · Copper Contributor
Defender for Endpoint alert delays
Hello, we are rolling out Defender for Endpoint to our big Windows estate. The first batch of onboarding and subsequent testing is showing huge delays on any alerts showing in the portal (6+ hours...
BillTheKid
Nov 24, 2020 · Brass Contributor
burnettc, multiple hours is not fine. I see alerts mostly popping up after 2 minutes of delay. Maybe this was caused by delays from your proxy to the backends? Check this: https://docs.microsoft.com/en-US/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet to see what connections endpoints make. There is also a spreadsheet, https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx, with all IPs and connections which Defender makes. Make sure there was no bottleneck during the deployment phase to these IPs/DNS/URLs. If you open the sheet, go to the left side to see all URLs. Maybe these devices had problems communicating with the backend.