Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Signature update finished. No updates needed. Co-managed device

Copper Contributor

I have an issue where Security Intelligence update is being delayed by a number of days and can't figure out why.

Currently testing migrating from another AV product to Defender for Endpoint(3rd Party AV has been uninstalled) current set up is;

Device Hybrid Joined

Co-management with SCCM / Intune. SCCM handling Windows Update. Intune managing Defender. (AV, Firewall, ASR, Web Content Filtering) all this works apart from Security Intelligence updates every hour as configured in Intune! 

 

Signature Updates appear to wait until they are over 72hrs before updating, and I can't force the update as I get the following:

C:\Program Files\Windows Defender>MpCmdRun.exe -SignatureUpdate
Signature update started . . .
Signature update finished. No updates needed

 

Amended SCCM default Antimalware policy sources to WinUpdate and MMPC and to update every 1hr incase these somehow are impacting 

 

Can anyone help what could be causing this delay please? 

 

MDEClientAnalyzer Results

SecurityIntelligenceVersion Please note that this machine is running with outdated security intelligence version. It is recommended to apply the most recent security intelligence version to ensure optimal protection and compatibility.

Defender AV Service Status Running
Windows Security Center Service Status Running
Windows Security Health Service Status Running
Defender AV mode Active
Defender Network Protection Service Running
Defender Network Protection Driver Running
Defender AV Platform Version 4.18.23110.3-0
Defender AV Security Intelligence Version 1.403.2882.0
Defender AV engine Version 1.1.23110.2
Defender Is Tamper Protected True
Defender Tamper Protection Source Intune
Defender Is Tamper Protection Exclusions Enabled False
Defender Network Protection Mode Block Mode

 

Enrollment Status Device is managed by MDM Agent (3)
Domain Joined YES
Azure AD Joined YES
Workplace Joined NO

MDM Enrollment state MDM enrolled

 


System-wide WinHTTP proxy Direct access (no proxy server).

Device has internet access and we'd like the device to update direct from the cloud, no Firewall blocks, device has access and does update sometime after 72hrs..

 

get-mppreference

SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 1
SubmitSamplesConsent : 1

 

Get-MpComputerStatus

NISSignatureAge : 4

 

Intune setting from AV Policy:

 

IntuneSigUpdate.PNG

4 Replies

@seerg 

 

Same issue, any luck? 

We have the same issue.  Need to know resolution ASAP@ryuaced 

Microsoft has not identified the issues yet. We have had a SEV A open with them over this exact topic with no resolution as of yet

@The4thLegacy  thanks for the reply, if you do get a fix on your Sev ticket please could you let us know here?