Forum Discussion
What is the Defender ATP equivalent to "gpupdate /force" (force an update of policies on a host)
Hi there,
When troubleshooting, how does one tell Windows "Go check with Defender ATP headquarters and update your policy right now?" I'm looking for the equivalent of gpupdate /force to force a refresh of group policy when on-prem, but for MDATP.
Update (sorry for not zeroing in on this): I'm thinking in terms of indicators - e.g. If I go into Settings, add a File indicator, and set it to Alert and Block. I would hope that this isn't driven solely by the logs on the back-end because the block would come in awfully late.
TIA!
7 Replies
- Joe Stern (Iron Contributor)
AnalystGuy If you're setting your Defender ATP configuration with Group Policy (Computer | Policies | Administrative Templates | Windows Components | Windows Components | Microsoft Defender Antivirus) then you've already said the answer, which is gpupdate /target:computer /force.
If you're using Intune, then this page might be of interest: https://oofhours.com/2019/09/28/forcing-an-mdm-sync-from-a-windows-10-client/
- Thijs Lecomte (Bronze Contributor)
What kind of policies are you talking about?
Client policies are pushed through Intune/MEMCM/GPO and the respective command for these tools should be used.
Otherwise, the MDATP cloud service doesn't push a lot of settings to users.
- AnalystGuy (Copper Contributor)
My apologies Thijs Lecomte - perfectly legit question; see my updated post, above
- Thijs Lecomte (Bronze Contributor)
For indicators, there isn't any way to force it AFAIK. It periodically checks for new indicators in the MDATP portal; this shouldn't take long.
How long of a delay are you experiencing?