544 questions
Defender for Business - scan policy don't work.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 57.00000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Alextheonlyone
196
Reputation points
Hi All!
We just started to use Defender for Business. I succesfully onboarded some Win10 and Win11 devices via group policy (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-gp?view=o365-worldwide) (We choosen this method, because we don't use Azure AD, we use local AD). I see these devices in the Device Inventory fine. So its OK.
We use the default in-bulit policy (https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-worldwide) (Microsoft Security portal -> Endpoints -> Configuration Management -> Device configuration / Next-generation protection / NGP Windows default policy).
We have "daily full scan" settings in the NGP Windows default policy , but when I open the Windows Security in our onboarded devices I don't see the effect of the policy, I see that the quick scan are set. I know that Microsoft doesn't recommend scheduling full scans, its just a test setting.
How I checked that the default policy (or other policies) has take affect for our devices and why the scan policies (or the entrie policies) don't download to our devices?
Thanks in advance!
Windows for business | Windows 365 Business
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 36%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Matthew Mclaughlin 1 Reputation point2022-07-15T10:32:46.973+00:00 Hi.
Thank you for your question and reaching out.
My name is John and I’d be more than happy to help you with your query.You could have to investigate the Microsoft Defender for Endpoint onboarding process assuming that you experience issues.
This page gives definite moves toward investigate onboarding issues that could happen while sending with one of the arrangement instruments and
normal mistakes that could happen on the gadgets. Please checkhttps://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwidefor more information.
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.
Best regards,
John
John Marwin -
Alextheonlyone 196 Reputation points
2022-07-15T13:27:55.787+00:00 Hi John,
Thanks for the answer.
I didn't find any solution in your linked guide.
The onboards were succesfull, Defender services are running in our onboarded devices.
However, I relised an error message at the onboarded devices in the Windows O365 Secutiry portal, see below:
I don't know what does it mean. We don't use Azure and as I know we don't have to use it for use Defedner for Business. Maybe there is no connection between this error message (it's no occuer any problems) and the fact that the policies don't deploy in our devices, but maybe you know it better.
Sign in to comment
Sign in to answer