Forum Discussion
griggs31
Jan 09, 2024 (Copper Contributor)
Devices stuck in Passive Mode
Hello. We recently have switched over to Defender for Endpoint as our primary anti-virus. We were exploring ASR rules when we realized that a large number of our endpoints were not being put into a...
rahuljindal-MVP
Jan 09, 2024 (Bronze Contributor)
How are you onboarding the devices to Defender? Are you moving away from a non-MS AV solution?
- griggs31, Jan 12, 2024 (Copper Contributor): @rahuljindal-MVP We are onboarding via SCCM but have Intune set as the Manager of Endpoint Protection. The devices are co-managed. We uninstalled the previous anti-virus some time ago, so Defender should be the sole anti-virus solution on the devices.
- rahuljindal-MVP, Jan 12, 2024 (Bronze Contributor): Is Defender available as a provider in Security Center? Do you have this registry configured by any chance?
  HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender, DisableAntiSpyware=1
- griggs31, Jan 18, 2024 (Copper Contributor): I think we discovered the problem. We are currently Co-Managed between SCCM and Intune. We were using SCCM for the Onboarding piece of Defender but some time ago we chose to set Intune as the primary manager of Endpoint Protection. Our guess is that this was causing some kind of conflict because the devices were looking to SCCM for their policy (and were showing as Onboarded) but they should have been onboarded via Intune. We did a test by offboarding a few devices, then re-Onboarding them with Intune and those devices are no longer stuck in Passive Mode.
We are working on doing a larger scale offboard then re-onboard now to confirm the fix.
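
The checks raised in this thread (the DisableAntiSpyware policy value, whether Defender is registered as a Security Center provider, and the running mode) can be gathered on one device as shown here. This is an added example, not part of the original thread; the function name Get-DefenderPassiveModeReport is hypothetical, and it assumes an elevated PowerShell session on a Windows client with the built-in Defender module.

```powershell
# Added example: collect the signals discussed in this thread on one endpoint.
# Get-DefenderPassiveModeReport is a hypothetical helper name.
function Get-DefenderPassiveModeReport {
    [CmdletBinding()]
    param()

    # Policy value asked about in the thread (path and name as posted there).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $disableAntiSpyware = $null
    if (Test-Path -Path $policyPath) {
        $disableAntiSpyware = (Get-ItemProperty -Path $policyPath -Name 'DisableAntiSpyware' -ErrorAction SilentlyContinue).DisableAntiSpyware
    }

    # Running mode as reported by the Defender module (Normal, Passive Mode, ...).
    $status = $null
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    # AV products registered with Security Center. The root/SecurityCenter2
    # namespace exists on client SKUs only, so a failure here is expected on servers.
    $providers = @()
    try {
        $providers = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
            Select-Object -ExpandProperty displayName)
    } catch {
        Write-Warning "Security Center query failed: $($_.Exception.Message)"
    }

    # Flag the conditions that would explain a device not running in active mode.
    $findings = @()
    if ($disableAntiSpyware -eq 1) { $findings += 'DisableAntiSpyware policy is set to 1' }
    if ($status -and $status.AMRunningMode -ne 'Normal') { $findings += "AMRunningMode is '$($status.AMRunningMode)'" }
    if ($providers.Count -gt 1) { $findings += 'More than one antivirus provider is registered' }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        AMRunningMode       = if ($status) { $status.AMRunningMode } else { $null }
        RealTimeProtection  = if ($status) { $status.RealTimeProtectionEnabled } else { $null }
        DisableAntiSpyware  = $disableAntiSpyware
        RegisteredProviders = $providers -join '; '
        Findings            = $findings -join '; '
    }
}

Get-DefenderPassiveModeReport | Format-List
```

Running it before offboarding and again after re-onboarding gives a per-device record of whether the running mode actually changed.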