Forum Discussion
Solved
Server 2012R2 and Server 2016 not reporting WDATP sensor data
We recently on-boarded a handful of Server 2012R2, 2016, and 2019 servers, as well as some Win10 laptops. All show "last seen" dates that are current. However, none of the 2012R2 or 2016 servers are reporting their exposure, inventory, etc. data at all to the WDATP Dashboard.
Our 2019 servers and Win10 laptops are reporting correctly and fully it appears. We on-boarded the 2012R2/2016 servers via installation of the MMA agent with the Workspace ID/Key combo. They ARE seen in WDATP dashboard, just don't appear to be reporting any useful data like the 2019/Win10 machines are. We have ruled out OS and network firewalls as issues.
Dave Elerick This functionality is a part of the Threat & Vulnerability Management feature.
Currently, only Windows 10/2019/1903 are supported. I'm led to believe the functionality will be backported into 2012R2/2016 at some point in the future
18 Replies
Dave Elerick - I am finding this too despite Windows 2008R2, Windows Server 2012R2 and Windows Server 2016 now being officially supported for Threat & Vulnerability Management: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os
Gavin_Wickens Guys, I found a solution. When i put my portal in the public preview mode. The sensor is reporting everything fine. Now i see the data for the 2012 r2 en 2016 machines also. Can you try is also?
ThomasVrhydn - I just enabled the preview features now. I will check back on the portal in a bit. Was your 2012r2 and 2016 view changed immediately after you enabled preview features?
Gavin_Wickens I'm still facing the same issue at my clients. Is there any news?
- ThomasVrhydn I have an open support call and it has been escalated after hours of troubleshooting. Will update here when I get a response.
Dave Elerick This functionality is a part of the Threat & Vulnerability Management feature.
Currently, only Windows 10/2019/1903 are supported. I'm led to believe the functionality will be backported into 2012R2/2016 at some point in the future
DannyC_Gamma , do you know if there are any roadmap on support for sensor data on Server 2012R2/2016? Works great for 2019/Win10 but is a bit crippled when not able to use it for all servers.
Niklas_001 The only information I've had from Microsoft on this is that the functionality is "coming soon" 🙂
Ok DannyC_Gamma , I understand. I guess that MSFT was a bit confusing then with their information and tools. Why would one even want to on-board 2012/2016 servers at this time then? They offer the tool (MMA agent). The current info and tools available on their on-boarding page would make sense if they plan to back-port that functionality, at least to 2016 given Defender is baked in. Odd, but now explainable. Thank you very much.
Just wondering if you have checked the ASC functionality for Server is not what you are looking for?
As far as I know WDATP is focused on Endpoint and when you install MMA on a Server, that ends up reporting to ASC for the three main panels (Compliance, Hygene and Threat Protection).
You will still benefit from the EDR side of it - but all the "other stuff" should be available in ASC, not WDATP.
- I too have noticed this recently Dave - interested in any reply
