
Microsoft posts workaround for Windows 11 24H2 Defender bug when upgraded from Home to Pro


This week, Microsoft released Windows 11 LTSC 2024 and detailed all the new features it gains compared to Windows 10. The company also published a detailed post explaining the Windows 11 24H2 upgrade information, compatibility, and features for managed enterprise and office PCs. Additionally, the tech giant reminded system administrators how feature updates can be made "optional" with its recently released policy change.

Aside from these, Microsoft has now published a guidance post related to a Defender for Endpoint onboarding issue on the latest feature update. The company says the problem is present even if an endpoint detection and response (EDR) policy is applied via Intune.

Microsoft has described two scenarios in which this happens on Windows 11 Pro PCs (it is worth noting that the Windows 11 Home SKU does not support Defender for Endpoint cloud security). It explains:

  • A user buys a new device that has the Home SKU. This SKU does not support Defender for Endpoint. Then the user upgrades to Pro using a Pro product key. This process, called “transmog,” does not install Defender for Endpoint, which is by design. The Defender for Endpoint agent is not correctly enrolled in the Defender for Endpoint service, and the device is not protected.

  • A user buys a new device that has the Pro SKU, and the OEM did not install the required feature.

Therefore, even if a user buys a new Windows 11 24H2 Pro PC that the OEM had pre-upgraded from Home, the problem pops up. Thankfully, Microsoft says that Intune displays an error message when it is unable to successfully apply the EDR policy.

A workaround has also been published by the company, which involves running the following Deployment Image Servicing and Management (DISM) elevated command before the onboarding process:

Workaround

Use the Deployment Image Servicing and Management (DISM) command-line tool to install the Windows Sense Client from an elevated command prompt. See the command below.

DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
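
As an added example (not Microsoft's script and not part of the KB article), the PowerShell below runs the same fix idempotently before onboarding: it reports the edition, the capability state and the Sense service, and installs the capability only when it is missing. It assumes an elevated session, the built-in DISM cmdlets `Get-WindowsCapability` and `Add-WindowsCapability`, and that the Defender for Endpoint service is registered under the name `Sense`.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-onboarding check for the Windows Sense Client capability.

# Capability name copied from the DISM command in the workaround.
$CapabilityName = 'Microsoft.Windows.Sense.Client~~~~'

function Get-SenseClientStatus {
    # Edition IDs that start with "Core" are Home SKUs, which do not support
    # Defender for Endpoint.
    $edition    = (Get-WindowsEdition -Online).Edition
    $capability = Get-WindowsCapability -Online -Name $CapabilityName
    $service    = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Edition         = $edition
        IsHomeSku       = $edition -like 'Core*'
        CapabilityState = [string]$capability.State   # Installed, NotPresent, ...
        ServicePresent  = [bool]$service
        ServiceStatus   = if ($service) { [string]$service.Status } else { 'Missing' }
    }
}

$before = Get-SenseClientStatus

if ($before.IsHomeSku) {
    # Installing the capability on Home does not make the device supported.
    Write-Warning "Edition '$($before.Edition)' is a Home SKU; upgrade to Pro first."
    return $before
}

if ($before.CapabilityState -ne 'Installed') {
    # Same operation as: DISM /online /Add-Capability /CapabilityName:<name>
    $result = Add-WindowsCapability -Online -Name $CapabilityName
    if ($result.RestartNeeded) {
        Write-Warning 'Restart required before starting onboarding.'
    }
}

# Re-check so the output reflects the state onboarding will actually see.
$after = Get-SenseClientStatus
$after

if ($after.CapabilityState -ne 'Installed' -or -not $after.ServicePresent) {
    Write-Error 'Sense client is still missing; do not start onboarding.'
    exit 1
}
```

The non-zero exit code lets a deployment task stop before the onboarding step when the capability could not be installed.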

The minimum system requirements for Defender for Endpoint are listed on Microsoft's official site. The details of this issue have been published on Microsoft's support page under KB5043950.
