-
Notifications
You must be signed in to change notification settings - Fork 50
/
mdb-troubleshooting.yml
131 lines (83 loc) · 8.24 KB
/
mdb-troubleshooting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
### YamlMime:FAQ
metadata:
title: Microsoft Defender for Business troubleshooting
description: Troubleshoot issues in Microsoft Defender for Business. See how to resolve problems with setup or device management.
search.appverid: MET150
author: siosulli
ms.author: siosulli
manager: deniseb
audience: Admin3
ms.topic: faq
ms.service: defender-business
ms.localizationpriority: medium
ms.date: 05/05/2023
ms.reviewer: efratka
f1.keywords: NOCSH
ms.collection:
- SMB
- m365-security
- tier1
title: Microsoft Defender for Business troubleshooting
summary: |
Use this article as a guide to resolve issues you might encounter in Defender for Business.
sections:
- name: General
questions:
- question: My setup and configuration process failed
answer: |
If you're using the simplified configuration process in Defender for Business and something went wrong, you can still configure your security settings and policies manually. See [Set up and configure Defender for Business](mdb-setup-configuration.md).
- question: I'm seeing indications that some devices aren't protected even though they're onboarded to Defender for Business
answer: |
If devices are running a non-Microsoft antivirus/antimalware solution, real-time protection might be turned off when those devices are onboarded to Defender for Business. Real-time protection is turned on by default in Defender for Business, but a non-Microsoft antivirus/antimalware solution might affect your settings. When real-time protection is turned off, you'll see notifications in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) that some devices aren't protected. In these cases, make sure real-time protection is turned on.
To confirm that real-time protection is turned on, you can view, and if necessary, edit your next-generation protection policies. See [View or edit your security policies and settings](mdb-configure-security-settings.md).
We recommend using Microsoft Defender Antivirus together with Defender for Business to get better protection that's coordinated across products and services. To learn more, see [Better together - Microsoft Defender Antivirus and Microsoft Defender for Endpoint](/defender-endpoint/why-use-microsoft-defender-antivirus).
- question: Users are unable to onboard mobile devices using the Microsoft Defender app.
answer: |
If Defender for Business hasn't finished provisioning, users might not be able to onboard their mobile devices using the Microsoft Defender app. To confirm whether provisioning has completed follow these steps:
1. Go to the [Microsoft Defender portal](https://security.microsoft.com) and sign in.
2. In the navigation bar, go to **Assets** > **Devices**.
- If you see a message that says, "Hang on! We're preparing new spaces for your data and connecting them," it means that Defender for Business hasn't finished provisioning. This process is happening now, and can take up to 24 hours to complete.
- If you see a list of devices, or you're prompted to onboard devices, it means Defender for Business provisioning has completed. Users should now be able to onboard their mobile devices as expected.
- question: Users are running into issues with the Microsoft Defender app on their mobile devices.
answer: |
If users are reporting issues with the Microsoft Defender app, see the following resources to help troubleshoot their issues:
- [Troubleshooting issues on Microsoft Defender for Endpoint on Android](/defender-endpoint/android-support-signin)
- [Troubleshoot issues and find answers to FAQs on Microsoft Defender for Endpoint on iOS](/defender-endpoint/ios-troubleshoot)
- question: I need to resolve a policy conflict
answer: |
Policy conflicts can arise when security policies are defined using multiple tools or methods. Here's an example:
Suppose that Lee has been using Microsoft Intune to manage devices and security settings. Lee has recently started using Defender for Business. Lee has chosen to use the simplified configuration process in Defender for Business. Now, Lee sees policy conflicts in Intune and in the Microsoft Defender portal.
Fortunately, policy conflicts can be resolved by taking one or more of the following actions:
- Delete your existing policies in the Intune admin center
- See [Troubleshoot policies in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intune)
See the following articles to learn more about your security policies in Defender for Business:
- [Set up your security policies and settings](mdb-configure-security-settings.md)
- [View or edit policies](mdb-view-edit-create-policies.md)
- question: There's an integration issue between Defender for Business and Microsoft Intune
answer: |
During your setup and configuration process, you might see an error message that says:
*Something went wrong, and we couldn't complete your setup process. There's an integration issue between Defender for Business and Microsoft Endpoint Manager.*
The error message means that a configuration channel must be established between Defender for Business and Microsoft Intune. If you see the error message, it means that something has gone wrong with integration. To resolve the issue, use the following three procedures:
**Procedure 1: Turn on the Microsoft Intune connection in the Microsoft Defender portal**
1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
2. Choose **Settings** > **Endpoints**. Then, under **General**, select **Advanced features**.
3. Scroll down to **Microsoft Intune connection**, and make sure it's turned on.
**Procedure 2: Set the enforcement scope for Defender for Business**
1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
2. Choose **Settings** > **Endpoints**. Under **Configuration management**, select **Enforcement scope**.
3. Under **OS platform**, turn on **Windows Client devices**.
4. Select **Save**.
**Procedure 3: Turn on Endpoint Security Profile settings in Intune**
1. Go to Intune ([https://intune.microsoft.com](https://intune.microsoft.com)) and sign in.
2. Select **Endpoint security**, and then, under **Setup**, select **Microsoft Defender for Endpoint**.
3. Under **Endpoint Security Profile Settings**, set **Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations** to **On**.
- question: Something went wrong with onboarding devices in the Microsoft Defender portal
answer: |
When you're onboarding devices in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), if something went wrong, an error message is displayed. This issue can occur if you're onboarding devices using a downloadable onboarding package for Microsoft Intune, Group Policy, System Center Configuration Manager, or Mobile Device Management capabilities with Defender for Business.
Defender for Business uses a capability called *Security Management for Microsoft Defender for Endpoint*. If onboarding in Defender for Business fails, the cause most likely has to do with Security Management for Defender for Endpoint. To resolve the issue, see the following articles:
- [Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint](/defender-endpoint/troubleshoot-security-config-mgt)
- [Run Microsoft Defender for Endpoint Client Analyzer on Windows](/defender-endpoint/troubleshoot-security-config-mgt#run-microsoft-defender-for-endpoint-client-analyzer-on-windows)
Alternately, you can try onboarding devices manually. See [Onboard devices](mdb-onboard-devices.md).
additionalContent: |
## See also
- [Defender for Business - Frequently asked questions and answers](mdb-faq.yml)