question

0 Votes
Jayd-0666 asked SathishKumarPatchaiappan-2219 answered

Endpoint Security inactive Agents

Hello Community,

We have the following issue. We recently started using Windows Endpoint Security. We already synced devices into Intune. We set up an Antivirus policy. But when we take a look at the summary of the Antivirus, we have a lot of inactive agents displayed. The users have a Windows Business Premium licence.

When we switch to the "Windows 10 unhealthy Endpoints" it shows us that the Malware Protection is disabled. We can't figure out a way to activate them. I researched a lot, but did not find a solution to this issue.

What could cause this problem? The devices are Hybrid Azure AD Joined.

Thanks a lot for your help.

Tags: windows-10-security, mem-intune-general, mem-intune-device-configurations

2 Votes
JonathanDBrown-7564 answered Jayd-0666 commented

@Jayd-0666 UPDATE:
We got all devices to be compliant (including antivirus enforcement) except one. However, 2 devices (one shows as compliant and one does not) show in the "unhealthy" list.

For most, adding additional Configuration profiles fixed it. For 1 device we had to retire it from Intune, delete it from Azure AD (in portal.azure.com) and re-add it to Azure AD. The 2 that we did the Retire/Re-add procedure for are both still in the "unhealthy" list. 1 is compliant and one is not. MS support says there is a known bug, though we have no detail on that bug at this time.


@JonathanDBrown-7564 Update:

After we added the Configuration Profiles, the devices started to disappear from the unhealthy status. So that worked perfectly. We also got the answer from MS and they said the same about setting a Configuration Profile.

Thanks a lot for the help and sharing the Information with us. That really helped a lot.

0 Votes 0 ·
0 Votes
MollyLu-MSFT answered Jayd-0666 commented

Hi,

This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.

Best regards,
Molly


Hey @MollyLu-MSFT , did you find anything?

1 Vote 1 ·

@Jayd-0666 Any luck with resolving this?

0 Votes 0 ·
Jayd-0666 JonathanDBrown-7564 ·

@JonathanDBrown-7564 unfortunately not yet =(

0 Votes 0 ·
0 Votes
DavidThompson-9150 answered

@MollyLu-MSFT - I am also interested in your answer to this question.


0 Votes
Maciey-3020 answered

Hi, I'm facing a similar problem.
Question: What is the condition for the "malware protection" status set to "disabled"? What is being monitored? Defender service?


0 Votes
MtenBroeke answered

We see the same issues together with a surge of non-compliant systems that suddenly did not perform updates on their signatures. These come and go, and at least for the Signature Updates we can manually trigger them from Intune, but it is strange that Defender randomly seems to stop updating on its own and needs a trigger to start again.

I'm interested in how to be able to Enable the malware protection on systems as well.


0 Votes
JonathanDBrown-7564 answered

We are also seeing this problem. What's the solution?


0 Votes
JonathanDBrown-7564 answered Jayd-0666 edited

Some of our PC are now off the list. Here is what Microsoft Support recommended.

Could you please try to un-assign policy from endpoint security and assign it from device configuration setting and check the behavior.

Please find the related article : https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10


@JonathanDBrown-7564 I am also interested in the answer to this question. Could you put more information regarding what fixed this for you? Thanks!

0 Votes 0 ·

@Brad-72644646 We have a ticket open with Microsoft Premier Support. I'll post results here.

0 Votes 0 ·

We too created a ticket as well. We added a few more devices to Intune. We then had 260 inactive agents. But after some time it dropped to 250 inactive clients. I don't really have an explanation for how this change occurs.

0 Votes 0 ·
1 Vote
JonathanDBrown-7564 answered jhauan commented

Update. Only 1 system is "unhealthy".


So you removed the Basic Defender Antivirus profile from Endpoint Security and set up real time scan and everything through device restrictions and that worked?

0 Votes 0 ·

Yes. We still had one system that did not show as compliant even though it was.

0 Votes 0 ·
jhauan JonathanDBrown-7564 ·

Did it take long for it to update? You just configured Defender Antivirus under Device Restrictions right? Still saying all my devices are "Inactive" under Endpoint Security and Antivirus.

0 Votes 0 ·
0 Votes
SathishKumarPatchaiappan-2219 answered

Dear Team,

We are facing the same issue for one of our clients. A few machines are displayed as "unhealthy".
Is there any latest update for this issue? Currently we co-manage (SCCM and Intune) only for Endpoint Security.
