Skip to main content

Posts

Onboarding problem in Microsoft Defender ATP from Endpoint Configuration Manager

The problem in my case occured on Windows 10 ver 1903 when onbording clients with a Microsoft Defender ATP Policy from the Configmgr console. The error code of the deployment was: Error 0x80041019 "Object or property already exist".
When looking in the Even viewer on one of the faulting machines under:
Applications and services logs\Microsoft\Windows\SENSE\Operational
I found some entries stating "could not find the file" or "file missing" and so on..
That had me to look for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
And I found that the Windows Advanced Threat Protection key was missing.
When replacing that and running the configuration baseline for Defender ATP evaluation on the machine from the configuration manager agent, the client was sucessfully onboarded.
The information that lead me to look for that registry key was this:
https://docs.microsoft.com/en-us/windows/security/threat-protection/micros…
Recent posts

WinPE 1903 stops with Windows logo at boot in VMware

After a site upgrade with new version of ADK and WinPE to 1903 we run into a problem when booting a WinPE iso in VMware. The machine just stops/hangs/freezes with the Windows logo and with a high cpu usage. Turned out to be a known issue with VMware and WinPE/Windows 10 v1903 and a workaround to to disable vIOMMU on the virtual host. (This is a security feature that you have to decide if you want to disable). More information here: https://kb.vmware.com/s/article/68043