Forum Discussion
Server 2012R2 and Server 2016 not reporting WDATP sensor data
We recently on-boarded a handful of Server 2012R2, 2016, and 2019 servers, as well as some Win10 laptops. All show "last seen" dates that are current. However, none of the 2012R2 or 2016 servers are reporting their exposure, inventory, etc. data at all to the WDATP Dashboard.
Our 2019 servers and Win10 laptops are reporting correctly and fully it appears. We on-boarded the 2012R2/2016 servers via installation of the MMA agent with the Workspace ID/Key combo. They ARE seen in WDATP dashboard, just don't appear to be reporting any useful data like the 2019/Win10 machines are. We have ruled out OS and network firewalls as issues.
- Gavin_Wickens (Copper Contributor)
Dave Elerick - I am finding this too despite Windows 2008R2, Windows Server 2012R2 and Windows Server 2016 now being officially supported for Threat & Vulnerability Management: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os
- ThomasVrhydn (Brass Contributor)
Gavin_Wickens Guys, I found a solution. When I put my portal in public preview mode, the sensor reports everything fine. Now I see the data for the 2012 R2 and 2016 machines also. Can you try it also?
- Dave Elerick (Copper Contributor)
ThomasVrhydn - I just enabled the preview features now. I will check back on the portal in a bit. Was your 2012r2 and 2016 view changed immediately after you enabled preview features?
- ThomasVrhydn (Brass Contributor)
Gavin_Wickens I'm still facing the same issue at my clients. Is there any news?
- Gavin_Wickens (Copper Contributor)
ThomasVrhydn I have an open support call and it has been escalated after hours of troubleshooting. Will update here when I get a response.
- --Al-- (Copper Contributor)
I too have noticed this recently Dave - interested in any reply
- DannyC_Gamma (Brass Contributor)
Dave Elerick This functionality is a part of the Threat & Vulnerability Management feature.
Currently, only Windows 10/2019/1903 are supported. I'm led to believe the functionality will be backported into 2012R2/2016 at some point in the future.
- Dave Elerick (Copper Contributor)
Ok DannyC_Gamma, I understand. I guess that MSFT was a bit confusing then with their information and tools. Why would one even want to on-board 2012/2016 servers at this time then? They offer the tool (MMA agent). The current info and tools available on their on-boarding page would make sense if they plan to back-port that functionality, at least to 2016 given Defender is baked in. Odd, but now explainable. Thank you very much.
- DannyC_Gamma (Brass Contributor)
You still benefit from the EDR functionality so still very much worth deploying across your server estate, in my opinion. The Threat & Vulnerability stuff wasn't part of the original functionality and was seen as being very much a bonus for us.
I will agree that information wasn't great. Also, I seem to recall that, going back to late last year, the MMA wasn't required for 2016 Server. Shows that Microsoft are moving quickly with this product - the evolution has been fairly rapid.
- Niklas_001 (Copper Contributor)
DannyC_Gamma, do you know if there is any roadmap on support for sensor data on Server 2012R2/2016? Works great for 2019/Win10 but is a bit crippled when not able to use it for all servers.
- DannyC_Gamma (Brass Contributor)
Niklas_001 The only information I've had from Microsoft on this is that the functionality is "coming soon" 🙂