检查 Microsoft Defender for Endpoint 中的传感器运行状况Check sensor health state in Microsoft Defender for Endpoint

适用于:Applies to:

想要体验适用于终结点的 Defender?Want to experience Defender for Endpoint? 注册免费试用版。Sign up for a free trial.

" 具有传感器问题的设备" 磁贴位于安全操作仪表板上。The Devices with sensor issues tile is found on the Security Operations dashboard. 此磁贴提供有关单个设备提供传感器数据并与 Defender for Endpoint 服务通信的能力的信息。This tile provides information on the individual device’s ability to provide sensor data and communicate with the Defender for Endpoint service. 它报告需要关注的设备数,并帮助你识别有问题的设备并采取措施纠正已知问题。It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues.

磁贴上有两个状态指示器,它们提供有关未正确报告给服务的设备数量的信息:There are two status indicators on the tile that provide information on the number of devices that are not reporting properly to the service:

  • 配置错误 - 这些设备可能部分向 Defender for Endpoint 服务报告传感器数据,并且可能有需要更正的配置错误。Misconfigured - These devices might partially be reporting sensor data to the Defender for Endpoint service and might have configuration errors that need to be corrected.
  • 活动 - 在过去一个月内停止向 Defender for Endpoint 服务报告超过七天的设备。Inactive - Devices that have stopped reporting to the Defender for Endpoint service for more than seven days in the past month.

单击任何组将你引导到 设备列表,该列表根据你的选择进行筛选。Clicking any of the groups directs you to Devices list, filtered according to your choice.

具有传感器问题的设备的屏幕截图磁贴

"设备" 列表上,可以按以下状态筛选运行状况列表:On Devices list, you can filter the health state list by the following status:

  • Active - 主动向 Defender for Endpoint 服务报告的设备。Active - Devices that are actively reporting to the Defender for Endpoint service.
  • 错误配置 - 这些设备可能部分向 Defender for Endpoint 服务报告传感器数据,但具有需要更正的配置错误。Misconfigured - These devices might partially be reporting sensor data to the Defender for Endpoint service but have configuration errors that need to be corrected. 配置错误的设备可能具有以下一个问题或以下问题的组合:Misconfigured devices can have either one or a combination of the following issues:
    • 无传感器数据 - 设备已停止发送传感器数据。No sensor data - Devices has stopped sending sensor data. 可以从设备触发有限警报。Limited alerts can be triggered from the device.
    • 通信受损 - 与设备通信的能力受损。Impaired communications - Ability to communicate with device is impaired. 发送文件进行深入分析、阻止文件、将设备与网络隔离以及需要与设备通信的其他操作可能不起作用。Sending files for deep analysis, blocking files, isolating device from network and other actions that require communication with the device may not work.
  • 活动 - 停止向 Defender for Endpoint 服务报告的设备。Inactive - Devices that have stopped reporting to the Defender for Endpoint service.

您还可以使用导出功能以 CSV 格式下载 整个 列表。You can also download the entire list in CSV format using the Export feature. 有关筛选器的信息,请参阅 查看和组织设备列表For more information on filters, see View and organize the Devices list.

备注

导出 CSV 格式的列表以显示未筛选的数据。Export the list in CSV format to display the unfiltered data. CSV 文件将包含组织的所有设备,而不考虑视图本身应用的任何筛选,并且可能需要大量时间来下载,具体取决于你的组织规模。The CSV file will include all devices in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is.

设备列表页面的屏幕截图

单击错误配置或不活动的设备时,可以查看设备详细信息。You can view the device details when you click on a misconfigured or inactive device.