Windows Defender for Endpoint on VDI: SENSE service breaking VDIs from displaying engine status

Dave Baker 1 Reputation point
2021-04-26T15:09:13.153+00:00

We're running a non-persistent VDI pool with FileShares as the definition update source. This has been working fine until we began onboarding/offboarding VMs into security centre.

Initially, I configured the image to run the onboarding script for 'multiple entries' in VDI to check it works - it did, with plenty of duplicate machine names. I then adjusted the master image to use the 'single entry' method described here

This also appears to work, we don't see any more duplicates in the Security Centre console, but the local VMs do not display their Defender engine status.

Reading around KBs for Defender and 'troubleshoot onboarding' docs - there are some core services that must be running on the VMs - diagtrack, windefend, rpcSs AND Sense service. Checking, I could see all of these services were running (presumably a good thing...). At this point I had not run an offboarding script on the master image (which is recommended). I ran the offboarding script, created a new snapshot, published, and then could see the VMs DID display their engine status correctly, and appeared to perform their startup task to fetch definitions from our UNC share.

We're on E3 licensing, my question is this - the Defender SENSE service appears to be causing the Defender engine to 'break' on the child VMs; with the service running, VMs do not display their last update status. Should the SENSE service be running if we're onboarding VMs to security centre? Why does the SENSE service cause the Defender engine to egg-timer/not display its status - is this a licensing limitation or incompatibility of the 'FileShares' updating for definitions w/ onboarding to security centre?

Windows 10 Security
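
The checks described in the question can be captured on one child VM in a single pass, so the output with the Sense service running can be compared against the output after offboarding. This is an added example, not part of the original post or of Microsoft's onboarding scripts; the function name `Get-VdiDefenderHealth` is hypothetical, and it assumes the built-in Defender PowerShell module and an elevated session.

```powershell
# Added diagnostic sketch (not from the original thread). Run elevated on a child VM.
function Get-VdiDefenderHealth {
    param(
        # The services named in the question.
        [string[]]$ServiceName = @('DiagTrack', 'WinDefend', 'RpcSs', 'Sense')
    )
    # 1. Service state. A missing service is reported rather than thrown.
    $services = foreach ($name in $ServiceName) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $name
            Status    = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
            StartType = if ($svc) { [string]$svc.StartType } else { $null }
        }
    }
    # 2. Engine and definition status as the Defender module reports it.
    #    An error is kept in the report instead of stopping the script.
    $engine = try {
        Get-MpComputerStatus -ErrorAction Stop |
            Select-Object AMServiceEnabled, AntivirusEnabled, AMEngineVersion,
                          AntivirusSignatureVersion, AntivirusSignatureLastUpdated
    } catch {
        [pscustomobject]@{ Error = $_.Exception.Message }
    }
    # 3. Configured definition sources, and whether each file share is reachable.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    $shares = foreach ($unc in ($pref.SignatureDefinitionUpdateFileSharesSources -split '\|')) {
        $path = $unc -replace '^[\s{]+|[\s}]+$'   # trim spaces and braces around each entry
        if ($path) { [pscustomobject]@{ Share = $path; Reachable = Test-Path -LiteralPath $path } }
    }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Collected     = Get-Date
        Services      = $services
        Engine        = $engine
        FallbackOrder = $pref.SignatureFallbackOrder
        FileShares    = $shares
    }
}

$report = Get-VdiDefenderHealth
$report.Services   | Format-Table -AutoSize
$report.Engine     | Format-List
$report.FileShares | Format-Table -AutoSize
```

`Test-Path` runs as the signed-in user, while the definition update runs as the machine, so a reachable share here does not by itself prove the computer account can read it.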

2 answers

  1. Leila Kong 3,691 Reputation points
    2021-04-27T08:50:03.947+00:00

    Hello @Dave Baker ,

    Is there any error message showing the Defender SENSE service causing the Defender engine not to display its status?
    Did you Manage Microsoft Defender Antivirus updates?
    Did you meet the requirements for Microsoft Defender for Endpoint?

    For your reference:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide

    Best regards,
    Leila


  2. Leila Kong 3,691 Reputation points
    2021-05-11T03:22:54.03+00:00

    Hello @Dave Baker ,

    How are things going there on this issue?
    Please let me know if you would like further assistance.
