Forum Discussion
Verify the device is connected to the network and has internet access to communicate with MDE.
Test internet connectivity:
ping www.microsoft.com
Ensure HTTPS communication is allowed:
Test-NetConnection -ComputerName wdatp.microsoft.com -Port 443
Verify that the required URLs and ports for MDE are allowed through your firewall/proxy.
Execute the onboarding script as an administrator:
powershell -ExecutionPolicy Bypass -File OnboardingScript.ps1
(Download the latest onboarding script from the Defender portal under Settings > Device Management > Onboarding.)
Get-WindowsFeature -Name "Windows-Defender-Features"
If not installed:
Install-WindowsFeature -Name "Windows-Defender-Features"
Use PowerShell to check MDE status:
Get-MpPreference
MpCmdRun.exe -SignatureUpdate (To ensure Defender definitions are up to date)
Reboot and run: sc.exe qc sense
Offboard the device if necessary by running the offboarding script:
powershell -ExecutionPolicy Bypass -File OffboardingScript.ps1
sc.exe control sense paramchange (Trigger a sync)
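
A read-only pre-check that gathers the connectivity, feature, service and definition checks from the steps above into one report. This is an added example, not part of the original post and not Microsoft's tooling. The function name, the three-day definition-age threshold and the Pass/Fail/Skipped labels are assumptions, and Get-Service and Get-MpComputerStatus stand in for the sc and Get-MpPreference calls.

```powershell
# Added example: changes nothing on the device. Run from an elevated PowerShell prompt.
function Test-MdeOnboardingReadiness {
    [CmdletBinding()]
    param(
        # Host name taken from the post; substitute the URLs your tenant requires.
        [string]$Endpoint = 'wdatp.microsoft.com',
        # Assumption: definitions older than this many days are reported as Fail.
        [int]$MaxSignatureAgeDays = 3
    )

    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Result($Check, $Ok, $Detail) {
        # $null means the check does not apply on this OS.
        $status = if ($null -eq $Ok) { 'Skipped' } elseif ($Ok) { 'Pass' } else { 'Fail' }
        $results.Add([pscustomobject]@{ Check = $Check; Status = $status; Detail = "$Detail" })
    }

    # 1. Outbound HTTPS to the service endpoint (a proxy or firewall block shows up here).
    $tnc = Test-NetConnection -ComputerName $Endpoint -Port 443 -WarningAction SilentlyContinue
    Add-Result 'HTTPS 443 reachable' $tnc.TcpTestSucceeded "$Endpoint -> $($tnc.RemoteAddress)"

    # 2. Defender feature; Get-WindowsFeature exists only on Windows Server.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name 'Windows-Defender-Features'
        Add-Result 'Defender feature installed' ($feature -and $feature.Installed) $feature.InstallState
    } else {
        Add-Result 'Defender feature installed' $null 'Get-WindowsFeature not available on this OS'
    }

    # 3. Sense service, the same service queried with "sc.exe qc sense".
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($svc) {
        Add-Result 'Sense service running' ($svc.Status -eq 'Running') "Status=$($svc.Status), StartType=$($svc.StartType)"
    } else {
        Add-Result 'Sense service running' $false 'service not found'
    }

    # 4. Antivirus state and definition age.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        Add-Result 'Antivirus enabled' $mp.AntivirusEnabled "AMServiceEnabled=$($mp.AMServiceEnabled)"
        Add-Result 'Definitions current' ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) "age=$($mp.AntivirusSignatureAge) day(s)"
    } catch {
        Add-Result 'Defender status readable' $false $_.Exception.Message
    }
    return $results
}

Test-MdeOnboardingReadiness | Format-Table -AutoSize
```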