Forum Discussion
thomidwi
Nov 29, 2024 Copper Contributor
Verify the device is connected to the network and has internet access to communicate with MDE.
When onboarding a device using the DFE (Device Functionality Enhancement) onboarding script, it is expected that the device will be properly enrolled in Microsoft Defender for Endpoint (MDE) and refl...
Mks_1973
Nov 30, 2024 Iron Contributor
Test internet connectivity:
ping www.microsoft.com
Ensure HTTPS communication is allowed:
Test-NetConnection -ComputerName wdatp.microsoft.com -Port 443
Verify that required URLs and ports for MDE are allowed through your firewall/proxy.
Execute the onboarding script as an administrator:
powershell -ExecutionPolicy Bypass -File OnboardingScript.ps1
(Download the latest onboarding script from the Defender portal under Settings > Device Management > Onboarding.)
Get-WindowsFeature -Name "Windows-Defender-Features"
If not installed:
Install-WindowsFeature -Name "Windows-Defender-Features"
Use PowerShell to check MDE status:
Get-MpPreference
MpCmdRun.exe -SignatureUpdate (To ensure Defender definitions are up to date)
Reboot and run: sc qc sense
Offboard the device if necessary by running the offboarding script:
powershell -ExecutionPolicy Bypass -File OffboardingScript.ps1
sc control sense paramchange (Trigger a sync)
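
The checks listed in the reply above, gathered into one read-only triage function that returns a single result object. This is an added example, not part of the original post or Microsoft's onboarding script; the function name Test-MdeOnboardingPrereqs, its property names and the NextStep wording are hypothetical, and the endpoint is the one used in the reply.

```powershell
# Added example: read-only triage of the steps in the reply. Run from an elevated
# Windows PowerShell session on the device being onboarded. Nothing is changed.
function Test-MdeOnboardingPrereqs {
    param(
        # Endpoint and port are taken from the reply; check your own required-URL list.
        [string]$Endpoint = 'wdatp.microsoft.com',
        [int]$Port = 443
    )
    $r = [ordered]@{}

    # 1. Outbound HTTPS: TCP handshake only, so proxy authentication or TLS
    #    inspection problems can still exist when this reports True.
    $tnc = Test-NetConnection -ComputerName $Endpoint -Port $Port -WarningAction SilentlyContinue
    $r.HttpsReachable = [bool]$tnc.TcpTestSucceeded

    # 2. Defender feature state. Get-WindowsFeature exists only on Windows Server.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name 'Windows-Defender-Features'
        $r.DefenderFeature = if ($feature) { [string]$feature.InstallState } else { 'NotFound' }
    } else {
        $r.DefenderFeature = 'NotApplicable (client OS)'
    }

    # 3. Sense service: the start type shown by "sc qc sense" plus the current status.
    $svc = Get-Service -Name 'sense' -ErrorAction SilentlyContinue
    $r.SenseStatus    = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
    $r.SenseStartType = if ($svc) { [string]$svc.StartType } else { $null }

    # 4. Antivirus state and signature age in days (null if the Defender module is unavailable).
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $r.AntivirusEnabled = if ($mp) { $mp.AntivirusEnabled } else { $null }
    $r.SignatureAgeDays = if ($mp) { $mp.AntivirusSignatureAge } else { $null }

    # Point at the first step from the reply that needs attention.
    $r.NextStep = if (-not $r.HttpsReachable) {
        'Allow the required MDE URLs/ports through the firewall or proxy, then retest.'
    } elseif ($r.SenseStatus -ne 'Running') {
        'Re-run the onboarding script as administrator, reboot, then recheck the sense service.'
    } else {
        'Connectivity and sense service look healthy; update signatures and wait for portal sync.'
    }

    [pscustomobject]$r
}

Test-MdeOnboardingPrereqs | Format-List
```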