Problem running the Microsoft Defender onboarding script using GPO

HK G 491 Reputation points

I am following the article below to onboard our Windows servers to the Microsoft Defender Portal using the onboarding script with GPO.

The GPO was successfully applied to the servers and I can see the scheduled task (running the onboarding script) on the task list locally on the server. However, the script didn't seem to run and the Network Threat protection service was not installed. I checked the task history and it didn't show any error other than the return code 2147942401. I checked the path (to the script) and the name of the script a few times and it looks fine too.

Any idea how to troubleshoot this issue?



1 answer

  1. Limitless Technology 26,656 Reputation points

    Hello there,

    If the onboarding is completed successfully but the devices aren't showing up in the Devices list after an hour, check the result of the script on the device:

    Click Start, type Event Viewer, and press Enter.

    Go to Windows Logs > Application.

    Look for an event from the WDATPOnboarding event source.

    If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
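
The checks discussed in this thread can be scripted. The following is an added example, not part of the original question or answer: it decodes the task's return code as an HRESULT, shows what the scheduled task runs and under which account, and lists events from the WDATPOnboarding source in the Application log. The `$TaskName` and `$LookbackDays` parameters and the `Convert-TaskResult` helper are assumptions introduced for illustration.

```powershell
# Added example (not from the thread). $TaskName is a placeholder: pass the
# name of the onboarding task exactly as it appears in Task Scheduler.
param(
    [Parameter(Mandatory)][string]$TaskName,
    [int]$LookbackDays = 7
)

function Convert-TaskResult {
    # Split a scheduled task result into its HRESULT facility and code.
    param([Parameter(Mandatory)][long]$Result)
    $u        = $Result -band 4294967295          # view as unsigned 32-bit
    $facility = ($u -shr 16) -band 0x7FF
    $code     = $u -band 0xFFFF
    $text     = if ($facility -eq 7) {            # 7 = FACILITY_WIN32
        (New-Object System.ComponentModel.Win32Exception ([int]$code)).Message
    } else { 'not a wrapped Win32 error' }
    [pscustomobject]@{
        Hex = '0x{0:X8}' -f $u; Facility = $facility; Code = $code; Text = $text
    }
}

# The value from the question: 2147942401 -> 0x80070001, Win32 error 1.
Convert-TaskResult 2147942401 | Format-List

$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction Stop
$info = $task | Get-ScheduledTaskInfo
"Last run: $($info.LastRunTime)"
Convert-TaskResult $info.LastTaskResult | Format-List

# What the task runs and as whom.
$task.Actions   | Select-Object Execute, Arguments, WorkingDirectory | Format-List
$task.Principal | Select-Object UserId, RunLevel | Format-List

# Result events written by the onboarding script (Windows Logs > Application).
$since  = (Get-Date).AddDays(-$LookbackDays)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object ProviderName -eq 'WDATPOnboarding'
if ($events) {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
} else {
    "No WDATPOnboarding events in the last $LookbackDays day(s)."
}
```

Run it from an elevated PowerShell session on the affected server. The path shown under `Execute` is resolved by the account listed under `UserId` when the task runs, not by the account running this script.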