Saturday, 27 August 2022

Defender for Endpoint - Onboarding status column missing

I came across this on a customer site last week. The Onboarding status column was missing in the Microsoft 365 Defender portal for all administrators, although they had been granted the Security Administrator role.

Navigate to Assets > Devices and you can see that the column is missing. It should be between Sensor health state and Last device update (by default).


I found that the reason for this was that Device discovery was disabled (Settings > Endpoints > Advanced features).


Turning on Device discovery solved the problem.


The Onboarding status column was restored.


You can see the importance of this column.


We can see if devices have been onboarded. If not we can see if they are unsupported by Defender for Endpoint or just not onboarded (Can be onboarded). This will require some action.


The fix makes sense. We are sort of told about this limitation when we disable Device discovery.

I hope this helps of you find yourself in the same situation. Until next time....