Troubleshoot sensor health using Microsoft Defender for Endpoint Client Analyzer

Applies to:

The Microsoft Defender for Endpoint Client Analyzer (MDECA) can be useful when diagnosing sensor health or reliability issues on onboarded devices running either Windows, Linux, or macOS. For example, you may want to run the analyzer on a machine that appears to be unhealthy according to the displayed sensor health status (Inactive, No Sensor Data or Impaired Communications) in the security portal.

Besides obvious sensor health issues, MDECA can collect other traces, logs, and diagnostic information for troubleshooting complex scenarios such as:

Privacy notice

  • The Microsoft Defender for Endpoint Client Analyzer tool is regularly used by Microsoft Customer Support Services (CSS) to collect information that will help troubleshoot issues you may be experiencing with Microsoft Defender for Endpoint.

  • The collected data may contain Personally Identifiable Information (PII) and/or sensitive data, such as (but not limited to) IP addresses, PC names, and usernames.

  • Once data collection is complete, the tool saves the data locally on the machine within a subfolder and compressed zip file.

  • No data is automatically sent to Microsoft. If you are using the tool during collaboration on a support issue, you may be asked to send the compressed data to Microsoft CSS using Secure File Exchange to facilitate the investigation of the issue.

For more information about Secure File Exchange, see How to use Secure File Exchange to exchange files with Microsoft Support

For more information about our privacy statement, see Microsoft Privacy Statement.



Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.