SOLVED

Devices are not showing logged on users

Iron Contributor

The environment is hybrid with devices being managed by Intune.

 

We are also using Microsoft Defender for Business so maybe that's why this feature isn't working.

 

On Settings > Endpoints > Advanced Features, the setting Show user details is enabled.

 

If I navigate to Device Inventory and click on any device, the Logged on users area says 0. It doesn't matter the time range or device, this status isn't being populated.

 

Is there a setting or requirement I'm missing to be able to see this?

8 Replies

@Marc Laflamme  Did you ever figure this out?  Same situation as you (Hybrid, Defender for Business) and ours shows the same - 0 logged on users.

Hey @MikeSlates , sorry no I did not. If I ever do I'll try to remember to update this thread.

I opened a Service Request with Microsoft. We'll see.
They always try to prune things down with Def for Business.
Or they'll say "this is part of Def for Identity".

Ridiculous...
Oh I have also recently discovered that there's a difference between them. I thought that because it included things from P1 and P2 then it would naturally act like P1 and P2 but nope! Yeah I really dislike how they treat it like something totally different.
best response confirmed by Marc Laflamme (Iron Contributor)
Solution
Sure enough, another little thing to keep us down.
Their reply:
"I have noticed that you are currently having Defender for Business. Defender for Business will not let you see the currently logged-on user of a device, can't see device groups, and detection rules. This is the reason why you are not seeing currently logged in users. "

The logged on user shows in Intune. Why they can't show it in Defender is just stupid games. I asked for the documentation explicitly stating this limitation.
Wow that’s quite annoying! Really appreciate you posting the reason. I’m starting to feel pretty **bleep** because I was the one pushing to drop our existing platform and move to Defender because it was included with our M365 BP licenses and that it was basically P1 and parts of P2. I really wish more of these limitations were clearly stated. Their “what’s in DfB” chart that highlights parts of P1 and P2 needs to specify that just because all of the P1 features are includes, it’s NOT DfE P1. Sigh.
Overall, I'm pretty happy with Defender for Business and the Intune management of the Security Baselines, ASR rules, Firewall, BitLocker, etc. It's all pretty solid.
It's the little things they do, like this, to keep this sku different from P2. It's just annoying.
But it's also not even considered P1 (even though it has every bulleted feature). Take Device Groups for example (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-...). It requires Defender for Endpoint P1 or P2 but it does not work in DfB.
1 best response

Accepted Solutions
best response confirmed by Marc Laflamme (Iron Contributor)
Solution
Sure enough, another little thing to keep us down.
Their reply:
"I have noticed that you are currently having Defender for Business. Defender for Business will not let you see the currently logged-on user of a device, can't see device groups, and detection rules. This is the reason why you are not seeing currently logged in users. "

The logged on user shows in Intune. Why they can't show it in Defender is just stupid games. I asked for the documentation explicitly stating this limitation.

View solution in original post