Share via

Defender for Endpoint: Can be onboarded

David Vosswinkel 1 Reputation point
2021-06-18T08:46:56.817+00:00

106880-endpoint.jpgHello
I installed Microsoft Defender for Endpoint on multiple machines with use of WindowsDefenderATPLocalOnboardingScript.cmd.
We also have sccm.

Some of the machines have the Status "can be onboarded". See attached screenshot.
Some have the status "onboarded".

Why is that? I however see that when I try to run eicar test virus on a machine that has status "can be onboarded" not email notification about that is being generated. With "onboarded" machines i get the notification.

Some cloud machines without sccm and ad also have the status onboarded, so i think it has nothing to do whether the machine has sccm or not.

Can you please point me in the right direction.
Thanks a lot

Microsoft Configuration Manager
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 40,961 Reputation points Microsoft Vendor
    2021-06-21T08:50:31.137+00:00

    Hi,
    Thank you for posting in Microsoft Q&A forum.
    According to your description, the issue is not related to SCCM. You attached a SCCM tag, you may try to post a new thread with the tag azure-security-center, you will get a better support from there.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.