Defender for Endpoint VDI - definitions update from File shares no longer works after onboarding ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-2282431%22%20slang%3D%22en-US%22%3EDefender%20for%20Endpoint%20VDI%20-%20definitions%20update%20from%20File%20shares%20no%20longer%20works%20after%20onboarding%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2282431%22%20slang%3D%22en-US%22%3E%3CP%3EHey%3C%2FP%3E%3CP%3EWe%20have%20non%20persistent%20VDI%20and%20the%20VM's%20were%20updating%20at%20Start-up%20by%20downloading%20definitions%20from%20a%20UNC%20file%20share.%20This%20has%20worked%20fine%20until%20we%20then%20introduced%20the%20Defender%20ATP%20on-boarding%20script.%20The%20on-boarding%20script%20works%20(we%20can%20see%20the%20devices%20in%20the%20portal%2C%20albeit%20many%20duplicates%2C%20but%20we've%20since%20rectified%20this%20by%20using%20the%20'single%20entry'%20method%20described%20in%20the%20MS%20kb)%20-%20however%2C%20the%20local%20VM's%20do%20not%20display%20their%20Defender%20engine%20status%20(as%20below)%20-%20and%20there's%20no%20indication%20that%20they%20are%20updating%20from%20the%20file%20share%20anymore%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eattached%20are%20images%20from%20log%20file%20entries%20(are%20these%20expected)%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20stuck%20can%20anyone%20help%20as%20to%20why%20the%20File%20share%20updating%20would%20stop%20working%20for%20Security%20center-enrolled%20devices%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2282431%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDefender%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hey

We have non persistent VDI and the VM's were updating at Start-up by downloading definitions from a UNC file share. This has worked fine until we then introduced the Defender ATP on-boarding script. The on-boarding script works (we can see the devices in the portal, albeit many duplicates, but we've since rectified this by using the 'single entry' method described in the MS kb) - however, the local VM's do not display their Defender engine status (as below) - and there's no indication that they are updating from the file share anymore?

 

attached are images from log file entries (are these expected)? 

 

We're stuck can anyone help as to why the File share updating would stop working for Security center-enrolled devices?

 

 

 

 

0 Replies