Forum Discussion

griggs31's avatar
griggs31
Copper Contributor
Aug 25, 2023

Defender not detecting test Kali Linux devices connected to network

Hello, first time posting here.  Our organization is trying to get more familiar with MS 365 Defender.  Just to see what it would discover, we connected a device running Kali Linux (not domain joined...
alerts
microsoft defender for endpoint
griggs31's avatar
griggs31
Copper Contributor
Jul 25, 2024
Eventually the Linux device we were looking for showed up as Uncategorized Devices but the operating system was being categorized as "Other" and not Linux.

We haven't had any issues with Defender XDR scanning for Networking Devices, have you tried the Network Scan option that is linked in one of the above replies? You can set up a recurring scan.
BrettR20's avatar
BrettR20
Brass Contributor
Jul 25, 2024

griggs31 I tried the authenticated scan (what I think used to be the network device scan). It's not ideal as it does a ping sweep when you set up the authenticated scan, then you have to select which IPs you want it to monitor. You'd typically only choose IPs with devices attached. If a new device shows up next month, you don't know about it unless you do another ping sweep and then add it to the list of monitored devices.

 

I might be wrong, but I suspect the problem I'm having at the moment with the device discovery not working, and devices not showing up in the device inventory, is due to this weeks-old issue Microsoft have listed in their Service Health dashboard:

 

Users may be unable to view data for multiple features in Microsoft 365 Defender for Endpoint

 

Issue ID: DZ809858
Affected services: Microsoft Defender XDR
Status: Service degradation
Issue type: Advisory


Start time: Jul 10, 2024, 12:54 AM GMT+10

More info
Affected data includes but may not be limited to:

  • Advanced Hunting

  • Device Inventory

  • Device Timeline

  • Network Malicious Activity alerts

This issue would also affect Microsoft Sentinel when forwarding the Microsoft Defender for Endpoint signal from Advanced Hunting to the Sentinel service.

 

Scope of impact
This issue may impact any user on Windows Server 2022 build 20348.2527 or newer attempting to view networking data for multiple services in Microsoft 365 Defender for Endpoint.

 

Root cause
A recent Windows update introduced a regression which is causing failures on the service responsible for populating this data in the Microsoft 365 Defender portal.

 

Current status

Jul 24, 2024, 2:21 AM GMT+10
We're progressing with our fix development, which is expected to address the offending update and remediate the impact. Following development, we'll conduct testing to help ensure that the solution addresses the problem without producing any unexpected problems for the service. We'll provide an estimated timeline for the deployment of this fix and the remediation of impact once it has become available.

 

Next update by:
Wednesday, July 31, 2024 at 3:00 AM GMT+10

 

Jul 10, 2024, 1:10 AM GMT+10
We've identified an issue where users may be unable to view data for multiple features in Microsoft 365 Defender for Endpoint. We've confirmed a recent Windows update introduced a regression which is causing failures on the service responsible for populating this data in the Microsoft 365 Defender portal. We're developing a code change to correct the issue which will undergo testing and validation prior to deployment. We anticipate having a timeline available for the deployment with our next scheduled update.

Resources