question

BrandonM-0342 avatar image
0 Votes"
BrandonM-0342 asked saldana-msft edited

Microsoft Defender for Endpoint Onboarding with MEM ConfigMgr issue

I am having trouble onboarding devices into Defender for Endpoint and looking for some input on the ConfigMgr deployment error (0x80070057 The parameter is incorrect) I am getting with my W10 devices.

We are setting up an evaluation of Microsoft Defender for Endpoint (Defender ATP) within our M365 tenant. We run Configuration Manager 2006 on-premise and is configured for Co-Management. I have enabled the Defender for Endpoint trial licenses in our 365 tenant and now trying to onboard devices from Configuration Manager. I followed the documentation Microsoft provided on onboarding devices from MEM Configuration Manager current branch. As of now, the only device I was able to onboard successfully was one Windows Server 2012 R2 device we are using for the evaluation. I can see this device in the https://security.microsoft.com console. The rest of the devices are running Windows 10 and have not successfully onboarded. Most of these devices are returning a "The parameter is incorrect." error when viewing the deployment status from the Monitoring pane of the ConfigMgr console. I have followed through Microsoft's documentation on troubleshooting onboarding but did not find any help from that. Required services are running on the deivces and internet connectivity to Defender URLs tested successful.

I reviewed the C:\Windows\ccm\logs\ATPHandler.log on one of the devices failing with "The parameter is incorrect." and see these errors:
121217-mdfe01.jpg

There are a couple of other devices returning a different error, possibly getting further in the deployment, but most are experiencing this "The parameter is incorrect" error.
121197-mdfe02.jpg

These are the documents I have gone through...

Microsoft Defender for Endpoint: https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection

Onboard the Windows 10 devices using Configuration Manager: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-sccm?view=o365-worldwide

Troubleshoot Microsoft Defender for Endpoint onboarding issues: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide

Downloaded this tool and ran on one device that has deployment error. Tests were successful: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls

Any input is appreciated.


mem-cm-generalmem-cm-co-management
mdfe01.jpg (46.5 KiB)
mdfe02.jpg (47.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AllenLiu-MSFT avatar image
1 Vote"
AllenLiu-MSFT answered AllenLiu-MSFT commented

Hi, @BrandonM-0342
Thank you for posting in Microsoft Q&A forum.

We can see you have one Windows Server 2012 R2 device onboard successfully but all windows 10 devices fail, so did you use the Onboard devices with any supported operating system to Microsoft Defender for Endpoint (recommended), and the target collection contains Up-level and Down-level operating systems?

During my research, someone else has encountered the same problem, and the solution is just waiting. It seems that the policy is not pushed out correctly at first, and the devices will onboarding correctly after 2-3 days, it's really weird issue. You may wait for some days to see if the problem solved.

Here is the related post:
https://techcommunity.microsoft.com/t5/configuration-manager/atphandler-unexpected-configurationtype-error-when-trying-to/m-p/1996474
https://techcommunity.microsoft.com/t5/configuration-manager/unexpected-configurationtype-quot-error-when-attempting-to/m-p/1810793


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @AllenLiu-MSFT
Thanks for the response. So after letting everything sit over the weekend, I checked into the deployment and now the devices are showing as Compliant. I also checked the Defender for Endpoint console and the devices are showing in there as well.

Yes, I did see those two other posts about others experiencing the same issue and after waiting 2-3 days, the devices were onboarded. I wasn't sure if that was still relevant to what I was dealing with, but it appears so. That is a strange issue and a bit discouraging towards this product. We are evaluating several of these types of products and I don't believe we had any issues onboarding devices for those trials.

0 Votes 0 ·

Hi, @BrandonM-0342

Thanks for the feedback.
I can fully understand your feelings, although the devices were onboarded finally, but the logic is obviously a bit strange.
I suggest you to send a bug report through the Configuration Manager Console, to do this, press the "Smile face" button in the top right corner and choose "Send a Frown".

For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help


If the response is helpful, please click "Accept Answer" and upvote it.

1 Vote 1 ·

I have submitted feedback from the console. Thanks.

0 Votes 0 ·
Show more comments