Forum Discussion
How offborded and deleted device.
I have 1 device which i can't offboarded or deleted.
When i onborded (use policy in MEM) device Win10 20H2. All was fine. Sensors - Active.
After upgrade OS to Win 10 21H2. Sensor status has become "No sensors data".
I used difrent ways to resolv problem.
Live Response session and MDE Client Analyzer. Results - all tests connectivity completed successfully.
Try offboarded - local scrip, MEM policy. On device status Offboarded. On portal MS 365 defender status - Onboarded.
Used API
Get https://api.securitycenter.microsoft.com/api/machines/9*******0
"lastSeen": "2022-06-15T03:55:01.3802913Z",
"healthStatus": "NoSensorData",
"onboardingStatus": "Onboarded",
Post https://api.securitycenter.microsoft.com/api/machines/9*******0/offboarded
"code": "InvalidRequestBody",
"message": "Request body is incorrect"
Any ideas how fix that?
1 Reply
I solved my problem.
Tried various cleanings and checks. Nothing helped.
I disabled MS Defender (using policies in Intune).
And deleted all folders from
C:\Program Files\Windows Defender Advanced Threat Protection
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection
And deleted in regedit
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat ProtectionDid a reboot.
launched
DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
Did a reboot.
All services have been restored.
The device has been redefined.
Devices running Windows 11 automatically enroll using MEM MS Defender for Endpoint - Onbording profile
Everything worked right away. Within 10 minutes, the device was already connected to the MS 365 Defender portal. Now all telemetry is transmitted normally. The sensors are working.
