Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
When you add a device to the Microsoft Defender for Endpoint service for management, it's referred to as onboarding. Onboarding allows devices to report signals about their health status to the service.
Verifying that a device is added to the service successfully is a critical step in the entire deployment process. It helps ensure that all the devices expected are being managed.
Prerequisites
Supported operating systems
- Windows Server 2012 R2
- Windows Server 2016 and later
- Azure Stack HCI OS, version 23H2 and later
Verify Microsoft Defender for Endpoint onboarding of a device using a PowerShell detection test
Run the following PowerShell script on a newly onboarded device to verify that it's properly reporting to the Defender for Endpoint service.
- On the device, open Command Prompt as an administrator. 
- At the prompt, copy and run the following command: - powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'- The Command Prompt window closes automatically. If successful, a new alert appears in the portal for the onboarded device in about 10 minutes. - Note - You can also use the EICAR test string to perform this test. You'll receive a notification on the endpoint and an alert in the Microsoft Defender portal. 
Related articles
- Onboard client devices
- Onboard servers
- Troubleshoot Microsoft Defender for Endpoint onboarding issues
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.