Workaround Released by Microsoft for Windows 11 24H2 Defender Bug After Home to Pro Upgrade

This week, Microsoft unveiled Windows 11 LTSC 2024 and outlined the new features it offers compared to Windows 10. The company also shared a comprehensive post detailing Windows 11 24H2 upgrade information, compatibility, and features specifically for managed enterprise and office PCs. Additionally, the tech giant reminded system administrators about the recent policy change that allows for “optional” feature updates.

In addition, Microsoft has provided a guidance post addressing a Defender for Endpoint onboarding issue associated with the latest feature update. According to Microsoft, this problem arises even when an endpoint detection and response (EDR) policy is deployed via Intune.

Microsoft elaborated on two scenarios that can lead to this issue occurring on Windows 11 Pro PCs (it is important to mention that the Windows 11 Home SKU does not support Defender for Endpoint cloud security). The scenarios described are:

  • A user acquires a new device with the Home SKU. This SKU does not support Defender for Endpoint, and when the user upgrades to Pro using a Pro product key (a process called “transmog”), Defender for Endpoint is not installed as intended. Consequently, the Defender for Endpoint agent fails to enroll correctly in the Defender for Endpoint service, leaving the device unprotected.

  • A user purchases a new device with the Pro SKU, but the OEM did not include the required feature.

As a result, even if a user buys a new Windows 11 24H2 Pro PC that was pre-upgraded from Home by the OEM, this problem may occur. Fortunately, Microsoft notes that Intune will display an error message if it fails to successfully apply the EDR policy.

Microsoft has also shared a workaround, which involves running the following Deployment Image Servicing and Management (DISM) command from an elevated command prompt before the onboarding process:

Workaround

Utilize the Deployment Image Servicing and Management (DISM) command-line tool to install the Windows Sense Client from an elevated command prompt. Below is the command:


DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
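
To confirm that the capability is actually present before onboarding a device, the following PowerShell check can be run from an elevated session. It is an added example, not part of Microsoft's guidance or the original article; the function name Test-SenseClientReady is hypothetical, and it assumes the built-in DISM PowerShell cmdlets and that the Defender for Endpoint service is registered under the name Sense.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-onboarding check for the Windows Sense Client capability.
# Capability name is taken from the DISM workaround command above.
$CapabilityName = 'Microsoft.Windows.Sense.Client~~~~'

function Test-SenseClientReady {
    # Returns $true when the capability is installed and the Sense service exists.
    # With -Remediate, a missing capability is installed first (same effect as
    # the DISM /Add-Capability command).
    param([switch]$Remediate)

    # Home editions report an edition ID starting with "Core"; they do not
    # support Defender for Endpoint, so installing the capability is pointless.
    $edition = (Get-WindowsEdition -Online).Edition
    if ($edition -like 'Core*') {
        Write-Warning "Edition '$edition' is a Home edition; upgrade to Pro first."
        return $false
    }

    $cap = Get-WindowsCapability -Online -Name $CapabilityName
    Write-Host "Edition: $edition  Capability state: $($cap.State)"

    if ($cap.State -ne 'Installed') {
        if (-not $Remediate) { return $false }
        $result = Add-WindowsCapability -Online -Name $CapabilityName
        if ($result.RestartNeeded) {
            Write-Warning 'Restart required before starting onboarding.'
        }
        # Re-query instead of trusting the install call's return value.
        $cap = Get-WindowsCapability -Online -Name $CapabilityName
    }

    # Assumption: the agent's service name is "Sense". If it is absent,
    # the EDR policy has nothing to onboard.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Warning 'Sense service not found after capability check.'
    }
    return (($cap.State -eq 'Installed') -and ($null -ne $svc))
}

# Exit code 0 = ready for onboarding, 1 = not ready (usable as a detection script).
if (Test-SenseClientReady -Remediate) { exit 0 } else { exit 1 }
```

Dropping the -Remediate switch turns the script into a read-only audit, which is useful for finding affected devices across a fleet before changing them.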

To check the minimum system requirements for Defender for Endpoint, refer to this link on Microsoft’s official site. More information about this issue can be found on the support page under KB5043950.
