MDATP Windows 10 onboarding | Intune

Iron Contributor

Hi,

I created a pilot group of 10 users and onboarded them to MDATP by creating Microsoft Defender ATP (Windows 10 Desktop) Configuration Profile in Intune. The users got successfully onboarded and machines reflected in the MDATP Security Center Portal.

 

Now when I have added around 100 more users to the same pilot group, I am getting the device status of these new machines either as Conflict or Pending in the Intune Portal. And hence the machines are not seen in the MDATP portal. Among 100, there are also around 10 machines for which there are no reported status. 

 

Appreciate if someone can let me know if I am doing something wrong here or need to check for any additional steps.

 

@Thijs Lecomte @Oliver Kieselbach @Matt Soseman 

4 Replies
Are there any outbound rules in your firewall blocking access to the Defender URL's?
And if you run the detection test does this resolve the issue?
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detec...

Also, did you assign the appropriate licenses to the user who are using the endpoints?
If there is a conflict you probably have a policy that also does onboarding (maybe an endpoint security one). But this should not impact the devices that you see in MDE.

Have you checked this script to see if you have correct connectivity? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure... (needs to be done locally)

This provides some info on where to search for errors in the event viewer. What do you see here?
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/troublesh...

It was one of the conflicting endpoint security policy. I have deleted that now and now there are no machines with conflict status.

 

Still I could see 8-10 machines with pending status, any steps to troubleshoot the same.

Have you checked the event viewers I linked before? As well as ran the connectivity tool?