May 06 2021 07:38 AM
I want my multi-user session hosts to get onboarded to Defender for Endpoint using the single entry for each device option. I'm following the instructions at Onboard non-persistent virtual desktop infrastructure (VDI) devices | Microsoft Docs. I have configured a local group policy object on the golden image to run the onboarding script at startup. But the VM is NOT getting onboarded at startup. However, if I run the script manually from C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup, it works -- but only after I answer Y to the prompt to change the execution policy.
I have also tried configuring a GPO in my Azure AD DS domain, as described in Onboard Windows 10 multi-session devices in Windows Virtual Desktop | Microsoft Docs, and I think I'm running into the same problem that way because the onboarding script is not digitally signed.
What exactly should I be doing on the golden image regarding execution policy to allow the Defender onboarding script to run on startup on brand new machines created from the image?
Oct 22 2021 10:10 AM
@ellengur No, but to be honest I gave up trying. We don't deploy that many session hosts, so I just built manual onboarding into our deployment procedures.
Oct 23 2021 03:45 PM - edited Oct 23 2021 03:47 PM
Have you checked this article to make sure your setup is correct: https://sokolovtech.com/wvd/20-microsoft-defender-for-endpoint-mdatp-and-windows-virtual-desktop-wvd...
I would suggest going through it and checking that you have configured everything as described there.