cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MDATP - "no sensor data" Alert

Thomas Höhner
Copper Contributor

‎Nov 20 2019 09:54 AM

‎Nov 20 2019 09:54 AM

MDATP - "no sensor data" Alert

Hi all,

I'm looking for a way to alert on clients which stop responding to mdatp from an EDR point of view. Health state in this case changes to "no sensor data" but cannot figure out how to set an alert (custom detection) on that, as I can't find a way to query for... tried a couple of queries using TVM but could not get to a working one.

Even device compliance policy still considers the affected device as compliant (mdatp compliance policy)

any help appreciated

thank you

thomas 

2,683 Views
0 Likes
1 Reply
Reply
1 Reply
Thomas Höhner

‎Dec 11 2019 09:30 AM

‎Dec 11 2019 09:30 AM

Re: MDATP - "no sensor data" Alert

Microsoft addressed this gap :)

right now you can utilize security recommendations in order to understand whether your clients are reporting successfully to mdatp.

Seams a little bit of adjustment is still necessary to differentiate even better between offline/inactive and unhealthy sensor

0 Likes
Reply