Hey Checkyourlogs Fans,
Today, I was tasked with onboarding some new Microsoft Surface ARM64-based devices, which had the Snapdragon X 12-core processor.
The issue is that we received the following error message when trying to onboard to Defender for Endpoint.
As you can see above, the error message we received was “Unable to start Microsoft Defender for Endpoint Service. Error Message: The Service Name is Invalid”.
We checked services.msc and noted that the Windows Defender Advanced Threat Protection Service was missing.
To fix this, we need to add it back in by running the following from an elevated command prompt:
DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
Then reboot.
Post reboot, we can see the service is installed.
Rerun the onboarding script.
Now we can see the device in the security.microsoft.com portal and the service is running properly.
If you are working with these devices, it is advised that you update the OS gold image or follow the Autopilot steps to add the service back in. Otherwise, you might see a gap in protection.
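For imaging or Autopilot remediation, the check-and-repair steps above can be scripted. This is an added example, not part of the original post. It assumes the service name behind "Windows Defender Advanced Threat Protection Service" is `Sense`, and it uses the DISM PowerShell cmdlets in place of the `DISM` command line:

```powershell
#Requires -RunAsAdministrator
# Added example: detect a missing Defender for Endpoint service and add the
# capability back. Exit 0 = nothing to do, 3010 = reboot required, 1 = failure.

$CapabilityName = 'Microsoft.Windows.Sense.Client~~~~'  # same capability as the DISM command above
$ServiceName    = 'Sense'                               # assumption: service name for the MDE sensor

# Step 1: is the service registered at all?
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output "Service '$ServiceName' is present (status: $($svc.Status)). No repair needed."
    exit 0
}

# Step 2: the service is missing, so look at the capability state.
Write-Output "Service '$ServiceName' is missing. Checking capability state..."
$cap = Get-WindowsCapability -Online -Name $CapabilityName

if ($cap.State -eq 'Installed') {
    # Capability is installed but the service is not registered yet:
    # a reboot may still be pending from an earlier install.
    Write-Warning 'Capability is installed but the service is absent. Reboot, then check again.'
    exit 3010
}

# Step 3: add the capability (equivalent to DISM /online /Add-Capability).
try {
    $result = Add-WindowsCapability -Online -Name $CapabilityName -ErrorAction Stop
}
catch {
    Write-Error "Failed to add ${CapabilityName}: $($_.Exception.Message)"
    exit 1
}

# Step 4: report what has to happen before onboarding is retried.
if ($result.RestartNeeded) {
    Write-Output 'Capability added. Reboot, then rerun the onboarding script.'
    exit 3010
}

Write-Output 'Capability added. Reboot as described above, then rerun the onboarding script.'
exit 3010
```

Running it a second time after the reboot should return exit code 0 once the service is registered, which makes it usable as a detection check before the onboarding script runs.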
Thanks,
Dave