This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 86%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU2%3C/text%3E%3C/svg%3E)
I am planning the deployment of Defender for Endpoint Plan 1 clients across our enterprise. I would prefer using MECM, because we don’t have our Win10 endpoints enrolled in InTune. We need to manage the clients after they are deployed.
The article https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#monitor says that to Monitor clients using MECM, go to the dashboard at Monitoring > Security > Microsoft Defender ATP Status. At that page I see a piechart for Microsoft Defender ATP Agent Health, which shows percentage of clients that are Healthy, Inactive, Agent stopped, or Not onboarded. See attached << MECM-ATPagentHealthDashboard.png>>.
But when I click on any pie slice, it does not give a listing of the clients. How do I get such listings in MECM console?
If I am forced to use Intune, I can get such listings at Endpoint Manager admin center’s Microsoft Defender Antivirus Agent Status report, which has client health columns for MDE Sense Running State and MDE Onboarding Status. See attached << EndpointMgrShowsMDEsenseRunningState.PNG>>. I am hoping that MECM can give me the equivalent.
Hi,
Thanks very much for your feedback and sharing. Here's a short summary for the problem, hope it could help other users to search for useful information more quickly.
Problem/Symptom:
Where in the MECM console can we get a list of unheathy Defender for Endpoint clients?
Solution/Workaround:
Unlike Intune, MECM does not list unhealthy Defender for Endpoint clients right now.
Thanks again for your time! Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
The answer is No, unlike InTune, MECM does not list unhealthy Defender for Endpoint clients. This according to Sani Sheikh of Microsoft.
Hi,
Thanks for posting in Microsoft MECM Q&A forum.
1,Have you ever successfully onboarded the devices by providing the configuration file, Workspace key, and Workspace ID to Configuration Manager?
2,If the onboarding completed successfully but the devices are not showing up in the Devices list after an hour in Configuration Manager, please refer to official article to check if an error occurred with the Microsoft Defender for Endpoint agent:
Troubleshoot onboarding issues on the device
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I have not yet onboarded any devices. My question is not about troubleshooting onboarded devices that don't show up in the MECM console, it is about how to find Defender for Endpoint clients that change to unhealthy for whatever reason. Where in the MECM console can I get a list of such unheathy Defender for Endpoint clients?