Device Health Status - Out of date/Unknown

Hi,

I am trying to get to the bottom of a problem with the device health status on servers onboarded into M365 Defender. We have 12 servers onboarded (most 2022 with a couple of 2019), all on Azure. 7 of the servers have stopped updating the device health status on the "Devices" dashboard.

defender1.jpg

As you can see, the last update was a month ago. The odd thing is that all 7 servers have the exact same date, which suggests something stopped working on that date.

If I look at the other 5 servers, they are happily reporting and everything is up to date (today is the 11/5/23).

defender2.jpg

One thing I find really frustrating with Defender is the lack of useful information. Everything is very generic and the help just goes to articles that are usually out of date, so I am not sure where I should be starting to track down the issue. Hence reaching out to the community, as I am sure I'm not the only one that has hit this issue before.

Any help gratefully received!

Rob

1 Reply

@Rob Clarke 

I understand your frustration with the lack of specific information and outdated help articles. When troubleshooting the issue with device health status not updating in Microsoft 365 Defender, there are several steps you can take:

1. Check Defender for Endpoint service status: Ensure that the Microsoft Defender for Endpoint service is running properly. You can check the service status on the Microsoft 365 Defender Service Health dashboard or the Microsoft 365 admin center. Look for any reported service disruptions or issues that could affect device health reporting.

2. Review event logs on affected servers: Check the event logs on the affected servers to see if there are any error messages or warnings related to the Defender for Endpoint service or device health reporting. Look for any specific events or patterns that could help identify the cause of the issue.

3. Verify network connectivity: Confirm that the affected servers have proper network connectivity to the Defender for Endpoint service. Ensure that there are no firewall rules or network configurations blocking the communication between the servers and the Microsoft 365 Defender service endpoints.

4. Update Defender for Endpoint: Make sure that the Defender for Endpoint software is up to date on the affected servers. Check for any available updates and install them. It's possible that an outdated version of the software could be causing the issue.

5. Review Defender for Endpoint configuration: Double-check the configuration settings for the Defender for Endpoint service on the affected servers. Ensure that the required features and settings are enabled and properly configured.

6. Contact Microsoft Support: If the issue persists and you're unable to identify the root cause or resolve it on your own, it's recommended to contact Microsoft Support for assistance. They can provide more in-depth troubleshooting steps and guidance specific to your environment.

When contacting support, be prepared to provide details about the affected servers, any error messages or event logs, and steps you've already taken to troubleshoot the issue. This will help the support team to better understand the problem and provide appropriate assistance.

Remember to document any relevant information or findings during the troubleshooting process, as it may be useful for future reference or when working with support.

If I have answered your question, please mark your post as Solved
If you like my response, please give it a like
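
Steps 2 to 5 of the reply above can be gathered on one affected server with a short PowerShell script, so the seven stale servers can be compared against a healthy one. This is an added example, not part of the original reply and not Microsoft tooling; the endpoint name is a placeholder, and the parameter names and the 35-day look-back (chosen to cover the month-old cut-off date in the question) are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on an affected server.
param(
    # Placeholder: replace with the Defender for Endpoint service URLs for your region.
    [string[]]$Endpoints = @('defender-endpoint.example.invalid'),
    # Assumption: look back far enough to cover the date the status stopped updating.
    [int]$DaysBack = 35
)

$report = [ordered]@{ Computer = $env:COMPUTERNAME; Collected = Get-Date }

# Are the EDR sensor (Sense) and Defender Antivirus (WinDefend) services running?
foreach ($name in 'Sense', 'WinDefend') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $report["Service_$name"] = if ($svc) { [string]$svc.Status } else { 'not installed' }
}

# Step 4: antivirus platform, engine and security intelligence versions and age.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report.RunningMode          = $mp.AMRunningMode
    $report.PlatformVersion      = $mp.AMProductVersion
    $report.EngineVersion        = $mp.AMEngineVersion
    $report.SignatureVersion     = $mp.AntivirusSignatureVersion
    $report.SignatureLastUpdated = $mp.AntivirusSignatureLastUpdated
    $report.SignatureAgeDays     = $mp.AntivirusSignatureAge
} catch {
    $report.DefenderStatus = "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

# Step 3: outbound TCP 443 reachability. The services run as SYSTEM and use the
# WinHTTP proxy, so record that setting as well.
foreach ($e in $Endpoints) {
    $t = Test-NetConnection -ComputerName $e -Port 443 -WarningAction SilentlyContinue
    $report["Tcp443_$e"] = $t.TcpTestSucceeded
}
$report.WinHttpProxy = ((netsh winhttp show proxy) -join ' ').Trim()

[pscustomobject]$report | Format-List

# Step 2: critical, error and warning events, grouped by log and event ID, with
# the first time each appeared so it can be matched to the cut-off date.
$since = (Get-Date).AddDays(-$DaysBack)
$logs  = 'Microsoft-Windows-SENSE/Operational', 'Microsoft-Windows-Windows Defender/Operational'
$events = foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2, 3; StartTime = $since } -ErrorAction SilentlyContinue
}
$events | Group-Object LogName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'FirstSeen'; e = { $_.Group.TimeCreated | Sort-Object | Select-Object -First 1 } } |
    Format-Table -AutoSize
```

Running it on one stale server and one healthy server and comparing the two outputs narrows down which of the steps actually differs between them.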