SOLVED Endpoint Protection Enabled not populated

[jdwheaton]

Hi everyone, we are deploying Defender in our environment to Windows servers (2016 and 2019). I'm able to successfully deploy Defender antivirus policies and can confirm this on the clients. However, in the SCCM console I'm getting mixed results as far as the information coming back from the clients. I have some that show up with "Enabled" in the "Endpoint Protection Enabled" column along with a current version of the definition files and "Succeeded" in the "Endpoint Protection Policy Application State" which is all to be expected. I'm also getting some clients that only have the "Succeeded" in the "Endpoint Protection Policy Application State" column and blank in the other two. Has anyone come across this?

For troubleshooting I have restarted the client, performed a repair on the SCCM client, kicked off the "Download Definition" on the collection as well. Thanks for any help or direction for further troubleshooting.

 

[jdwheaton]

**SOLVED**
Workwing with a hired gun we solved this. The problem was some registry keys missing on the clients so they weren't able to report in correctly.

Here's the link to the fix https://learn.microsoft.com/en-us/t...on/configmgr-console-shows-out-of-date-values

and here's the exact powershell lines I ran using a remote powershell session on the affected systems:

Register-CimProvider -ProviderName ProtectionManagement -Namespace root\Microsoft\protectionmanagement -Path "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\protectionManagement.dll" -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate
restart-service -name CcmExec

An important item to note, if the path to the specific version doesn't exist on the client just choose the most recent folder version. Of the 20 machines I ran this against I only had 1 that didn't have this exact path.