MDE-Management

Brass Contributor

Hi

I have 5 2016 servers which are on the domain, sync'd with Azure in hybrid mode. They have been added to Arc and onboarded. I've tagged them in defender with the MDE-Management tag, however they dont show as managed by MDE with a enrollment of success the same way the other 100 2016 servers have.

These 5 just state
Note:The device isn’t enrolled to MDE security settings management, verify it complies withpre-requisites and that it is in scope for the feature in the MDE Settings.

 

All other 100+ servers are fine and working as they should so i know its not the setup of defender or something similar but more server specific, what troubleshooting actions can be taken?
Can this be forced?
Can this be removed from Azure AD sync, offboarded and then start the process again?

Thanks

2 Replies

@Fhilp 

So these servers..

a. are not domain controllers

b. they have the may-2023 update of the EDR package

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/windows-whatsnew?view=o36...

c. they are not running core editions

d. do not have the PowerShell restrict mode configured as below

https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?pivots=mdssc-preview

 

is this correct?

Correct