Defender ATP deployment Problem

Bonus12 1,116 Reputation points
2020-11-20T19:43:22.76+00:00

Hi,

I'm deploying defender ATP policy using MECM 2006 , all hotfixes are installed up to date. when I onboard machines via a script it works and machines are onboarded but when I deploy the ATP policy via MECM I see error in the deployment and it the deployment error is " Incorrect parameter"

I'm suing I'm using the configuration manager pakcgae and also tried different settings in the policy , ex. File samples None or All
in the ATPhandler log I see the following:

ATPHandler: Unexpected configurationtype
ATPhandler: Failure in CATPHandler: HandleUIPolicy: 0x80070057

Any idea what is happening ?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,747 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

Accepted answer
  1. SunnyNiu-MSFT 1,696 Reputation points
    2020-11-23T09:29:05.467+00:00

    @Bonus12
    Thank you for posting in Microsoft Q&A forum.
    May I ask how many machines you have deployed to and do they have the same deployment issue?
    What is the operating system version of these machines?
    Different operating systems have different needs for onboarding to ATP. Windows 8.1 and other down-level operating system devices need the Workspace key and Workspace ID to onboard. Up-level devices, such as Windows Server version 1803, need the onboarding configuration file.
    If your target collection contains down-level devices, and you use the instructions for onboarding only up-level devices, then the down-level devices won't be onboarded. The optional Workspace key and Workspace ID fields are used for onboarding down-level devices, but if they aren't included then the policy will fail on down-level clients.
    (1)If your target collection contains both up-level and down-level devices, It is then recommended that you use an Onboard devices with any supported operating system to ATP.
    You can refer to this link for detailed steps:
    https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_any_os
    (2)If your collection contains only up-level devices, then you can use the up-level onboarding instructions.
    You can refer to this link for detailed steps:
    https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_uplevel


    If the response is helpful, please click "Accept Answer"and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful