Mar 10 2021 05:03 AM - edited Mar 10 2021 07:16 AM
Hi All,
Is there a way for us to get alerted from MS Security Center (ATP) if a device (server) has not been seen online for more than 24 hrs?
I have intentionally onboarded a server to ATP and then taken away its ability to communicate outside to the internet. I can see ATP reporting the server as last seen more than 24 hrs ago if I drill down into the device summary. Health state is still showing active.
Wondering how often Defender for Endpoint reassesses the devices? Also whether the above is possible.
Kind regards,
Mo
Mar 10 2021 04:04 PM