cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ATP sensor moved to another tenant is still showing in former tenant

ggaurav79
Copper Contributor

‎Oct 11 2023 02:27 AM - edited ‎Oct 11 2023 02:52 AM

‎Oct 11 2023 02:27 AM - edited ‎Oct 11 2023 02:52 AM

ATP sensor moved to another tenant is still showing in former tenant

We have uninstalled ATP sensor from Tenant1, then re-installed with ATP sensor package downloaded from Tenant2, this was done a few months ago, but they are still reporting under "Microsoft secure score" with recommended action "install defender for identity sensor on all domain controller". I have verified they are not listed under identities > sensors list. Do any one has similar issue? is there a fix to remove the moved sensors from former tenant's "Microsoft secure score"?

473 Views
1 Like
8 Replies
Reply
8 Replies
eliekarkafy

‎Oct 11 2023 02:48 AM

‎Oct 11 2023 02:48 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

The score should be calculated every day. The process to do this starts at about 1AM pacific time but it will take a few hours to run.
1 Like
Reply
ggaurav79

‎Oct 11 2023 02:51 AM

‎Oct 11 2023 02:51 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

Sorry, my bad, forgotten to add that it was done a few months ago, if you know any fix
0 Likes
Reply
eliekarkafy

‎Oct 11 2023 02:54 AM

‎Oct 11 2023 02:54 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

@ggaurav79 did you deleted the sensor from the MDI settings? or the old sensor still appearing there ?

eliekarkafy_0-1697018033270.png

 

1 Like
Reply
ggaurav79

‎Oct 11 2023 02:56 AM - edited ‎Oct 11 2023 02:58 AM

‎Oct 11 2023 02:56 AM - edited ‎Oct 11 2023 02:58 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

Yes, I have uninstalled them first and deleted as well from sensors list. I have verified they are not listed under settings > identities > sensors list (in tenant1)

0 Likes
Reply
eliekarkafy

‎Oct 11 2023 03:02 AM

‎Oct 11 2023 03:02 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

@ggaurav79 I suggest you open a ticket with the MS team so they can check your tenant in the backend because secure score have a scheduled tasks that run in the background and it might be failing to update your secure score 

1 Like
Reply
ggaurav79

‎Oct 11 2023 03:07 AM

‎Oct 11 2023 03:07 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

Thank you for good info, I'll create a ticket for MS support as i thought earlier but it was worth checking in this discussion board :).
Last thing, Do you know, if keeping the "Microsoft Azure recovery services agent" and "Microsoft monitoring agent" from/into same previous Tenant1 may causing this behavior?
0 Likes
Reply
thalpius

‎Oct 11 2023 07:33 AM

‎Oct 11 2023 07:33 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

If you have a sensor running in a domain reporting to tenant1, then this sensor will report that there are Domain Controllers without a sensor. So, it's not about where the sensor is installed, but if there is still a sensor running which reports to the cloud that there are Domain Controllers without a sensor.

Note: Even though there are still some references from "Azure ATP" in the product, the product is called Microsoft Defender for Identity for a long time :)
0 Likes
Reply
ggaurav79

‎Oct 12 2023 03:21 AM

‎Oct 12 2023 03:21 AM

Re: ATP sensor moved to another tenant is still showing in former tenant

@thalpius Yes and agreed what you said ! I knew and understand that even one installed sensor will report if there are any other domain controllers missing the MIDI setup in same domain.
Though, the problem is, regardless that we have removed them from one tenant, they are still coming in Secure score report which they shouldn't. I have already reported a case to Microsoft.

0 Likes
Reply