This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
Now I configure windows device onboarding to Defender portal using Intune. But I faced one issue that first I create compliance policy in my Intune portal with Require the device to be at or under the machine risk score. And then, windows 10 device is joined to Microsoft Entra ID by one user who is M365 user using Business Premium license. When device sync with my compliance policy in Intune, one of policy show non-compliant. Please kindly check the attached photo. I set whether Low, high, medium and clear but isn't working. could you please help me "How to solve this issue in my environment" . Thank You.
What is the status of the device on the Defender portal?
This device isn't showed on the defender portal.
If the device is not onboarding on Defender, then make sure that the pre-requisites are being met. Also, you may need to check for connectivity of the endpoints to the Defender urls. There is MDE test connectivity script available on GitHub that you can run to validate.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Paing Hein Kyaw, Thanks for posting in Q&A. For the compliance setting "Require the device to be at or under the machine risk score:", Machine risk score is measured by Microsoft Defender for Endpoint.
Please check if the device is onboarded to Microsoft Defender for Endpoint. And check the machine risk score on Microsoft Defender for Endpoint to see if it is at or under the score we configure in compliance policy.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yes Crystal, I already set machine risk level using Intune Compliance Policy. My machine is medium. But my device isn't showed in MDE portal.
@Paing Hein Kyaw, Thanks for the reply. If the device isn't shown in MDE portal, that means the device has onboarding issue. You can follow the steps in the following link to troubleshoot the onboarding issue.
Hello Crystal, now my device have MDE sensor in showing defender for point on Intune. this device successfully assigned with EDR policy. But it can't show in MDE Portal.
I already checked onboarding issue with your guide link. MDE sensor is running in my device. could you please guide to me for my issue? Thank You.
@Paing Hein Kyaw, Thanks for the reply. From the information you provided, it shows the device onboard onto Microsoft Defender for Endpoint. But on Defender side, it is not there. Was any error under Applications and Services Logs > Microsoft > Windows > SENSE. event log on the device side? If not, then it is strange, I suggest open case with Defender for Endpoint support to look into the issue in the background.
Yes, I saw some logs in event viewer. I show you pls see the attach photo.
But, sgrmbroker service is already run in service.
@Paing Hein Kyaw, For the event id 69, it is service stop event. How about the description in event id 67 and 70?
70 is Policy Update : Allow sample collection - 0x0.
for 67, pls look attach photo. Thank you.
@Paing Hein Kyaw, Thanks for the reply. For the event id 70, it seems not related with this. For the event id 67, it shows 9 times failed to connect to server But it still has 3 times success. After researching on the Internet, I can't confirm if it is related. I suggest contact Defender support which we provide before to look into the issue.