This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 84%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hi,
I'm deploying defender ATP policy using MECM 2006 , all hotfixes are installed up to date. when I onboard machines via a script it works and machines are onboarded but when I deploy the ATP policy via MECM I see error in the deployment and it the deployment error is " Incorrect parameter"
I'm suing I'm using the configuration manager pakcgae and also tried different settings in the policy , ex. File samples None or All
in the ATPhandler log I see the following:
ATPHandler: Unexpected configurationtype
ATPhandler: Failure in CATPHandler: HandleUIPolicy: 0x80070057
Any idea what is happening ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 23%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Bonus12
Thank you for posting in Microsoft Q&A forum.
May I ask how many machines you have deployed to and do they have the same deployment issue?
What is the operating system version of these machines?
Different operating systems have different needs for onboarding to ATP. Windows 8.1 and other down-level operating system devices need the Workspace key and Workspace ID to onboard. Up-level devices, such as Windows Server version 1803, need the onboarding configuration file.
If your target collection contains down-level devices, and you use the instructions for onboarding only up-level devices, then the down-level devices won't be onboarded. The optional Workspace key and Workspace ID fields are used for onboarding down-level devices, but if they aren't included then the policy will fail on down-level clients.
(1)If your target collection contains both up-level and down-level devices, It is then recommended that you use an Onboard devices with any supported operating system to ATP.
You can refer to this link for detailed steps:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_any_os
(2)If your collection contains only up-level devices, then you can use the up-level onboarding instructions.
You can refer to this link for detailed steps:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_uplevel
If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.