This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 59%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
So we activated Defender ATP within Intune and connected it with Microsoft Defender Security Center:
I can see the devices at https://securitycenter.windows.com/machines
But Intune reports them as devices without ATP-sensor:
Also Defender Security Center states: "Device not found in Azure ATP"
I don't know why this is, because I made a Device configuration profile for onboarding the devices in ATP:
I looked at the SENSE log at Microsoft-Windows-SENSE/Operational, but don't see any errors there:
only informational entry's >>
Does anyone know where to look for now?
Hi, we are looking into this issue and will update you shortly!
In the MDM Diagnostic Report I can't find anything related to "onboard" or "onboarding".
At the event log under Applications and Services Logs\Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider I didn't find anything related to "onboarding" or "WindowsAdvancedThreatProtection".
Also I logged on with a local admin account on this device and now I see the status on the Device configuration profile for the Defender Onboarding change to succeeded:
Also the ATP-sensor seems to be working now!
But https://securitycenter.windows.com still shows:
Additional question: It shouldn't be required to logon with a local account to have the security on these Win10 devices activated in the right way, right?? I can't let this ship to our end-users this way.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Chned , Thanks for the update. From your description, it seems the Device with ATP sensor shows 1 device but it is not onborading on the ATP portal. Here, we suggest to sign out the local account and sign in the Azure AD account, wait some time to see if the device will be onboard into ATP portal.
For the policy to local account, I notice the policy is assigned to two groups. Could you make a description of the two groups?
Strange, because I do see other details like (see screenshot below).
About the policy groups: these are 2 Azure Cloud Security groups. In one of these groups is this particular device a Direct member. In the groups only Win10 Devices are assigned.
@Chned , Thanks for the reply. From the picture you provided, it seems there's information in "Azure ATP alerts" but it shows "Device not found in Azure AD". It seems to be strange. Here, we suggest to contact ATP support to know it better.
https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/contact-support
In addition, I notice there's a tab named "Device details". Could you confirm if our device is there?
For the group assigned with Intune policy, I notice it is device group. Could you change to user group and see if the result will be different?
In Device details I see the correct details for this device.
For the group question: it should be a device group right?
@Chned , Thanks for the reply. From your description, I know our device is under device details, it seems the device is onboarded successfully.
For the group setting, based on our testing, when the Microsoft Defender ATP client configuration package type is applied to the device group, it will applied to all users include local users . From our official article, I didn't find the policy is limited to device group. So we suggest to apply this policy to user group to see if the status under "Device with ATP sensor" shows correctly without local user logging.
Thanks and I look forward to your reply.
I assigned the configuration profile for onboarding Defender to all users group, but I see the same error. SENSE-log shows no errors. No ATP-sensor active.
The above response was too quickly; it is working now the onboarding profile is assigned to the All users group! After the adjustment I enrolled a device too soon I guess.
Only thing is that https://securitycenter.windows.com/ still shows: "Device not found in Azure ATP"
@Chned , Thanks for the update. I am glad to hear that the onboarding is working well now. Congratulations! For the issue in security center, as we are not familiar with this. To better help on this, we suggest to contact the windows security support to help:
https://learn.microsoft.com/en-us/answers/topics/windows-10-security.html
Thanks for the understanding.