Assigning and Onboarding WDATP License/Package

Highlighted
New Contributor

Hi all,

 

We did finalize with the POC and we did purchased the licenses for the endpoints (Windows/MacOS)

During the POC we did onboard mac and windows OS and it was working seamlessly and perfectly fine.

 

Since we purchased the licenses, I believe couple of changes happen from the system admin side whom managing the admin.microsoft portal.

 

Questions/Issues

1- how to download POC off-boarding package if we don't have the access for the POC tenant anymore?

2- Can we reassign the license to different user? will it cost additional license or it will utilize the existing license?

3- Currently we manually have to assign production license one by one for each user from admin.microsoft portal, is there a way to automated and assign licenses automatically for all the users because we have approx 2,000 employees and our approach is not practical, can we do something like (e.g. Import list of usernames)?

 

ISSUES

Honestly we never had issues on Windows environment! however, when it comes to MacOS we faced couple of challenges and apparently it increased since we moved to production license. (Sample below) -

1- Popup message showing "No license found"

2- Mac Machine after few days health status become"no sensor data, impaired communications"

3- Mac Machine not getting on-boarded or reflect on MDSC Portal.

4- Mac Machine domain sometimes it shows it communicate with our domain and sometimes shows as workgroup 

 

Note: We already did follow each single troubleshooting provided by Microsoft and some advice's from Microsoft employees but still the issue occurs.

 

Below activity conducted on same sequence for onboarding MacOS machines.

  1. Assigned License for the user
  2. Install on boarding profile with passive mode via JAMF (AND) without passive mode via JAMF (Tested on two different machines applying with/without passive mode)
  3. Install Windows Defender AV
  4. Then we observed “No License Found” 

 

We do run it on passive mode because it's utilizing high CPU and RAM, and as per Microsoft recommendation is to disable real-time protection. In addition to that we are running different AV vendor.

 

Please let me know if any information required.

 

your support is highly appreciated

 

Thanks,

1 Reply
Highlighted

@_UAEx I havent tried MAC enrollment/management, but some thoughts on your other questions:

 

1- how to download POC off-boarding package if we don't have the access for the POC tenant anymore?

Had this issue with me as well. As far as I know, if you don't have the offboard script, you cant remove Defender ATP and the offboarding script is only valid for 30 days.

 

2- Can we reassign the license to different user? will it cost additional license or it will utilize the existing license?

This should be just like any other M365 license, you can reassign to another user. I usually do this when a user leaves and replaced by another person. Offboard the machine, remove the license, reassign to the new user and onboard his machine. Hope this is what you are looking for.

 

3- Currently we manually have to assign production license one by one for each user from admin.microsoft portal, is there a way to automated and assign licenses automatically for all the users because we have approx 2,000 employees and our approach is not practical, can we do something like (e.g. Import list of usernames)?

You can use Azure groups to manage licenses. https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

 

Hope this helps!