Mar 29 2021 11:43 PM
Is it known that in some cases onboarding to Defender for Endpoint can cause force reboot with 2 minute notice? Do we know when the reboot is forced and why for others this reboot does not happen? Is there some dependencies that need to be present (installed) if not exists?
Mar 30 2021 03:45 AM
Mar 30 2021 12:44 PM
@Thijs Lecomte I cannot get my hands on a test device where I could do proper testing of onboarding due to covid-restrictions. I work for MSP so these devices are not from my own organization. This is also why I don't have full access to these devices (which are Windows 10 2004) and I cannot see event viewer which would tell me something of the reboot. So it's not 100% verified that the reboot is caused by the onboarding, but out of 4 devices that were onboarded 3 got forcefully rebooted within an hour of onboarding. No one else's device force rebooted during the day that day. So I'm suspecting it's the MD for Endpoint onboarding. They have Microsoft Defender Antivirus in use, no other AV solution installed.
You mentioned "issue". So you'd categorize force reboot during onboarding an "issue"? I have done just a few onboardings but mostly servers thus far. They did not reboot as far as I can remember.
Mar 31 2021 12:18 AM
Apr 12 2021 04:49 PM
SolutionApr 13 2021 01:10 AM - edited Apr 13 2021 01:10 AM
You are most likely right. I've come to believe that there is other configuration being pushed at the same time as the MDE onboarding happens and one of those changes causes force reboot. I just do not know which one. But all in all it is most definitely something else.
Apr 13 2021 04:38 AM
Apr 28 2021 10:14 AM
Apr 12 2021 04:49 PM
Solution