Forum Discussion
Endpoint Protection not installed on non-Azure servers
Hi all,
I've used the "Onboard servers to Security Center" with a workspace for our non Azure servers. The agent got installed successfully and could see the server on Microsoft Defender ATP as well as active. However, on the Azure Security Center dashboard, under recommendations, I see those servers as "Endpoint Protection not installed on non-Azure servers". Have an open ticket with Microsoft for almost a month without any resolution. Anyone faced this issue before and found a possible solution?
Thanks!
8 Replies
EliMicrosoft
Please search the Log Analytics workspace in which the machine is connected to for the ProtectionStatus logs.
Query to target your computer looks like:
ProtectionStatus | where Computer has "<your computer name>"check the ProtectionStatusRank. Anything other than 150 indicate unhealthy state.
If no logs return then it might be computer connection to workspace issue, check the 'Heartbeat' on the same query window
Eli The query that shows that the end point not installed is as below:
*removed data that are our environment specific.
ProtectionStatus| where (ComputerEnvironment != "Azure" or isempty(ResourceId)) and (TypeofProtection == "Malicious Software Removal Tool" or TypeofProtection == "No Anti-Malware Tool was detected")| where tolower(SubscriptionId) in ("SUBSCRIPTION_ID") or isempty(SubscriptionId)| summarize AggregatedValue = count() by Computer| limit 1000000000With the query you gave:ProtectionStatusRank 450 ProtectionStatusNot ReportingProtectionStatusDetailsNot reporting - Unable to collect dataSignatureVersionUnknownTypeofProtectionMalicious Software Removal ToolComputerEnvironmentNon-AzureTypeProtectionStatus- EliNot Reporting means just that. How is the Heartbeat?
