question

uMarko2-0765 avatar image
0 Votes"
uMarko2-0765 asked uMarko2-0765 edited

Where does MECM console list unhealthy Defender for Endpoint clients (2)

I am planning the deployment of Defender for Endpoint Plan 1 clients across our enterprise. I would prefer using MECM, because we don’t have our Win10 endpoints enrolled in InTune. We need to manage the clients after they are deployed.

The article https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#monitor says that to Monitor clients using MECM, go to the dashboard at Monitoring > Security > Microsoft Defender ATP Status. At that page I see a piechart for Microsoft Defender ATP Agent Health, which shows percentage of clients that are Healthy, Inactive, Agent stopped, or Not onboarded. See attached << MECM-ATPagentHealthDashboard.png>>.

184549-mecm-atpagenthealthdashboard.png

But when I click on any pie slice, it does not give a listing of the clients. How do I get such listings in MECM console?

If I am forced to use Intune, I can get such listings at Endpoint Manager admin center’s Microsoft Defender Antivirus Agent Status report, which has client health columns for MDE Sense Running State and MDE Onboarding Status. See attached << EndpointMgrShowsMDEsenseRunningState.PNG>>. I am hoping that MECM can give me the equivalent.


197474-endpointmgrshowsmdesenserunningstate.png


mem-cm-generalwindows-10-security
mecm-atpagenthealthdashboard.png (119.1 KiB)
endpointmgrshowsmdesenserunningstate.png (42.3 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

SimonRenMSFT-3639 avatar image
0 Votes"
SimonRenMSFT-3639 answered

Hi,

Thanks very much for your feedback and sharing. Here's a short summary for the problem, hope it could help other users to search for useful information more quickly.

Problem/Symptom:
Where in the MECM console can we get a list of unheathy Defender for Endpoint clients?

Solution/Workaround:
Unlike Intune, MECM does not list unhealthy Defender for Endpoint clients right now.

Thanks again for your time! Have a nice day!

Best regards,
Simon

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SimonRenMSFT-3639 avatar image
0 Votes"
SimonRenMSFT-3639 answered uMarko2-0765 commented

Hi,

Thanks for posting in Microsoft MECM Q&A forum.

1,Have you ever successfully onboarded the devices by providing the configuration file, Workspace key, and Workspace ID to Configuration Manager?

2,If the onboarding completed successfully but the devices are not showing up in the Devices list after an hour in Configuration Manager, please refer to official article to check if an error occurred with the Microsoft Defender for Endpoint agent:
Troubleshoot onboarding issues on the device

Best regards,
Simon

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

uMarko2-0765 avatar image uMarko2-0765 ·

I have not yet onboarded any devices. My question is not about troubleshooting onboarded devices that don't show up in the MECM console, it is about how to find Defender for Endpoint clients that change to unhealthy for whatever reason. Where in the MECM console can I get a list of such unheathy Defender for Endpoint clients?

0 Votes 0 ·
uMarko2-0765 avatar image
1 Vote"
uMarko2-0765 answered

The answer is No, unlike InTune, MECM does not list unhealthy Defender for Endpoint clients. This according to Sani Sheikh of Microsoft.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.