Microsoft

System Center Configuration Manager Feedback


How can we improve Configuration Manager?

Windows Defender Advanced Threat Protection - Collect/Surface Log Data

https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection

The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.

11 votes
Nash Pherson (MVP) shared this idea

1 comment

  • Matt Schultz [BCBSNE] commented

    Expanding on this, ConfigMgr should collect all the Windows Defender events for components it can manage, regardless of whether the customer has ATP. Stepping up to ATP is a significant expense for many customers. Upselling to ATP should be for the benefit of the machine learning enhancements it brings, not manageability of the built-in Windows features.
