Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

365 security endpoint missing KBs

Brass Contributor

How often does the ATP defender client update the KBs installed. 

I have a machine that was patched 2 days ago but it not reflecting on the missing KBs section of the device inventory. 

Last seen was 5 minutes ago.

 

We're struggling to find a good way to report at both the macro and micro level on windows patch level in intune.

 

jb

 

 

4 Replies

@Jason_B1025 If you are using TVM (Threat & vulnerability Management) from defender, you could add the reported vulnerability to remediation task and you could track the progress from there. I have a video on TVM here Microsoft Defender ATP Training Series Part 2: Threat & Vulnerability Management (TVM) - YouTube

 

If you use MEM portal, you could see the status via Use Update Compliance reports for Windows Updates in Microsoft Intune - Microsoft Intune | Microsoft...

@Jason_B1025 The problem was solved? I have several computers the same, the patches or updates are already installed but they continue to report that they are missing. I don't know if a service has to be restarted or a firewall problem, but run the test detection and it works

Have the same situation.
Several devices have connectivity to WD ATP and installed updates. But there is a list of Missing KBs for almost an year on the portal.
We have found the problem with WIndows Server OSes (Microsoft Monitoring agent to connect to WD ATP was not uninstalled after in-place upgrade and there were two different ways to connect to WD ATP), but do not know what the root cause for Windows 10 OSes.
We started pulling data from log analytics, intune, and our asset manage solution samange to compare the OS version numbers. We haven't added the data from seucurity center yet (need to figure out how to pull that from the api) based on those 3 sources we flag machines two versions back and send tech to see why they are not patching.
So right now I haven't solved the few that were not updating in security center we are focus on getting an accurate view of our patching. Now why some Intune computers are not patching, that's another mystery to solve.