Share via

Help please, Intune-enrolled devices failed to onboard to the Defender portal.

Andy Liang 5 Reputation points
2025-11-18T04:58:23.6433333+00:00

We are rolling out Defender via Intune for this customer. I’ve successfully enabled Hybrid Join, and MDM enrolment is working as expected. 50+ Windows 11 Devices are appearing in Intune; however, there are still 0 devices showing in the Microsoft Defender portal. When you click into any device within the default EDR policy, the Onboarding (Device) status shows Failed with error code 65000.

The default EDR policy is normally created automatically after clicking Get started and follow the prompts, but the “Welcome to Microsoft Defender for Business – Get started” page never appeared for this tenant. In situations like this, I normally have to enable the connector then create the EDR policy manually. During policy creation, the “Auto from connector” option did not appear from the drop down—only Onboard and Offboard were available. I tried toggling the Microsoft Intune Connector off and on multiple times; at one point, after turning it off, I received the message “A Microsoft Intune license was not found.”

The customer has Microsoft 365 A5 for Faculty, which should include Intune Plan 1 and the Microsoft Defender for Endpoint licence.

Could anyone please shed some light on this?

Microsoft Security | Microsoft Defender | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael Heagerty 5 Reputation points
    2025-11-24T05:31:29.2266667+00:00

    I had the same issue, but for M365 Business Premium specifically.
    To resolve, delete any custom EDR policies in Intune, then select 'Deploy preconfigured policy' from the 'EDR Onboarding Status' tab as shown:
    User's image

    Microsoft article link for reference:
    https://learn.microsoft.com/en-us/intune/intune-service/protect/endpoint-security-edr-policy#use-a-preconfigured-edr-policy

    This must be a new change by Microsoft, as using the 'Auto from Connector' option for EDR policies would always work for in the past, but now this option has been removed.

    Was this answer helpful?

    1 person found this answer helpful.

  2. AI answer

    2025-11-18T04:58:39.9033333+00:00

    It seems you are experiencing issues with onboarding devices to the Microsoft Defender portal despite having successfully enrolled them in Intune. The error code 65000 indicates a general failure in the onboarding process, which can be attributed to several factors.

    Here are some steps you can take to troubleshoot the issue:

    1. Check Microsoft Entra ID Registration: Ensure that the devices are properly registered in Microsoft Entra ID. If they are not, this could hinder their visibility in the Defender portal.
    2. Verify Intune Configuration: Since you mentioned that the default EDR policy was not created automatically, ensure that the Microsoft Intune tenant is configured correctly to support Microsoft Defender for Endpoint Security Configuration Management. You can refer to the configuration documentation to ensure all settings are correct.
    3. Run the Microsoft Defender for Endpoint Client Analyzer: This tool can help identify issues with the onboarding process. It provides detailed information about the device's configuration and can highlight any errors that may be preventing successful onboarding.
    4. Connectivity Issues: Ensure that the necessary endpoints for Microsoft Entra ID and Microsoft Intune are accessible through your firewall. Connectivity issues can often lead to onboarding failures.
    5. Manual Policy Creation: If the automatic policy creation is not functioning, you may need to create the EDR policy manually. Ensure that you have the correct options available during the policy creation process.
    6. Licensing Issues: Since you received a message indicating that a Microsoft Intune license was not found, double-check the licensing for the customer. Ensure that the Microsoft 365 A5 for Faculty plan includes the necessary licenses for both Intune and Microsoft Defender for Endpoint.

    If these steps do not resolve the issue, consider reaching out to Microsoft support for further assistance, as they can provide more specific guidance based on the tenant's configuration and licensing.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.