This week, Microsoft released Windows 11 LTSC 2024 and detailed all the new features it gains compared to Windows 10. The company also published a detailed post explaining the Windows 11 24H2 upgrade information, compatibility, and features for managed enterprise and office PCs. Additionally, the tech giant reminded system administrators how feature updates can be made "optional" with its recently released policy change.
Aside from these, Microsoft has now published a guidance post related to a Defender for Endpoint onboarding issue on the latest feature update. The company says the problem is present even if an endpoint detection and response (EDR) policy is applied via Intune.
Microsoft has described two scenarios in which this happens on Windows 11 Pro PCs (it is worth noting that the Windows 11 Home SKU does not support Defender for Endpoint cloud security). It explains:
A user buys a new device that has the Home SKU. This SKU does not support Defender for Endpoint. Then the user upgrades to Pro using a Pro product key. This process, called “transmog,” does not install Defender for Endpoint, which is by design. The Defender for Endpoint agent is not correctly enrolled in the Defender for Endpoint service, and the device is not protected.
A user buys a new device that has the Pro SKU, and the OEM did not install the required feature.
Therefore, even if a user buys a new Windows 11 24H2 Pro PC that the OEM had pre-upgraded from Home, the problem pops up. Thankfully, Microsoft says that Intune displays an error message when it is unable to successfully apply the EDR policy.
The company has also published a workaround, which involves running the following Deployment Image Servicing and Management (DISM) command from an elevated command prompt before the onboarding process:
Workaround
Use the Deployment Image Servicing and Management (DISM) command-line tool to install the Windows Sense Client from an elevated command prompt. See the command below.
DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
The minimum system requirements for Defender for Endpoint are listed on Microsoft's official site. The details of this issue have been published on Microsoft's support page under KB5043950.
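For fleets where the onboarding package or EDR policy is pushed by script, the check can be automated before onboarding runs. The PowerShell below is an added example, not Microsoft's script: it uses the capability name from the DISM command above, and it assumes that Home editions report an EditionID beginning with "Core" and that the Defender for Endpoint service is registered as "Sense".

```powershell
#Requires -RunAsAdministrator
# Added example: pre-onboarding check for the Sense client capability (KB5043950).
$ErrorActionPreference = 'Stop'
$CapabilityName = 'Microsoft.Windows.Sense.Client~~~~'   # name from the DISM workaround

# Assumption: Home editions report an EditionID starting with 'Core'.
# Home does not support Defender for Endpoint, so there is nothing to fix there.
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
if ($edition -like 'Core*') {
    Write-Output "Edition '$edition' does not support Defender for Endpoint; skipping."
    exit 0
}

# Get-WindowsCapability / Add-WindowsCapability are the PowerShell
# counterparts of DISM /Get-CapabilityInfo and /Add-Capability.
$cap = Get-WindowsCapability -Online -Name $CapabilityName
Write-Output "Sense client capability state before check: $($cap.State)"

if ($cap.State -ne 'Installed') {
    # Same operation as the documented DISM /online /Add-Capability command.
    $result = Add-WindowsCapability -Online -Name $CapabilityName
    if ($result.RestartNeeded) {
        Write-Output 'Capability added; a restart is needed before onboarding.'
    }
    $cap = Get-WindowsCapability -Online -Name $CapabilityName
}

# Assumption: the Defender for Endpoint service name is 'Sense'.
$svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
$svcState = if ($svc) { "$($svc.Status) (start type $($svc.StartType))" } else { 'not registered' }
Write-Output "Capability: $($cap.State); Sense service: $svcState"

# A non-zero exit code tells the calling deployment tool that the device
# is still not ready for onboarding and needs attention.
if ($cap.State -ne 'Installed' -or -not $svc) {
    exit 1
}
exit 0
```

The Sense service normally stays stopped until the device is onboarded, so the script only checks that the service exists, not that it is running.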