Having issues with Run-MDEAntiVirus Playbook

I'm having issues getting the Run-MDEAntiVirus playbook working.


I have created it using the GitHub template and assigned the managed instance rights to Sentinel and the Defender ATP.


When it is triggered, I get the following error message.



From what I can see, the POST command is not sending over the MDATPDeviceId.



The information from the entries Get-Hosts does provide the host and the MDATPDeviceId information, so I'm a little lost on what is going on.


Could anyone help me please?





2 Replies
Just redeployed the playbook from Sentinel and the output does not match the screenshots from the GitHub information - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-MDEAntivirus

Raised an MS support call for this. It appears the templates in Sentinel are cached and not being refreshed from the GitHub content.