This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 12%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello,
I've purchased two Surface Laptop 7's and have enrolled them into Intune after upgrading to Windows Pro.
Nearly all of my policies have applied correctly, and I can see the devices listed in Intune.
However, they do not appear to have been onboarded to Defender for Endpoint. For every other device this process has been automatic, yet it seems as though these two devices are marked as "Not applicable" in my EDR config profile:
These are the settings in my EDR profile:
I've tried running the local onboarding script from the Microsoft Defender portal, but I get this error:
It appears as though there is no Microsoft Defender for Endpoint Service on these devices - I've seen that the service may also be called "Sense", but I can't find that listed in services.msc either. Both laptops also have the Windows Security app installed and active - similar to my other devices. Is this a known issue for ARM devices?
Not really sure how best to proceed from here - any advice is greatly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 17%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hi Matt, thanks for your question!
Based on your description, it looks like the OS was upgraded from Home to Pro version. The Home version of Windows 11 does not include MDE.
In this scenario, you can add the MDE Service back by running the following command via elevated CMD Prompt:
DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
Hope this helps!
Thank you - this worked!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thanks for the information.