Windows 11 24H2: Upgrade from Home to Pro causes issue with Microsoft Defender for Endpoint

If someone upgrades a new computer from Windows 11 24H2 Home to the Pro version (which requires a corresponding license), they will run into issues when Microsoft Defender for Endpoint is to be used: the system cannot be onboarded into Microsoft Defender for Endpoint. The same applies to OEM systems shipped with Windows 11 24H2 Pro that were not prepared properly. Microsoft has confirmed this as a known issue and posted a workaround.

Upgrade from Home to Pro causes issues with Defender

It's possible to upgrade a system with Windows 11 24H2 Home to Pro with an appropriate product key. In enterprises, administrators could then try to protect the computer with Microsoft Defender for Endpoint (a cloud service). However, this process fails with Windows 11 24H2, so Microsoft Defender for Endpoint cannot be activated.

Microsoft has confirmed the problem in the support article KB5043950: Microsoft Defender for Endpoint known issue (colleagues here have noticed this). The problem occurs when new devices with Windows 11 version 24H2 are to be onboarded into Microsoft Defender for Endpoint.

Administrators then discover that the devices in question cannot be onboarded into the Defender for Endpoint cloud service. The systems do not receive the expected protection, even if Intune is supposed to run the onboarding sequence by applying an EDR (Endpoint Detection and Response) policy.

Intune then displays an error message because it cannot successfully apply the policy. Users may also be unable to connect to corporate resources if a Conditional Access policy is configured to require Defender for Endpoint to be enabled and actively reporting. The compliance status is visible in the Microsoft Intune device compliance dashboard.

The issue occurs in these scenarios

According to Microsoft, this error can occur in one of the following two scenarios.

Upgrade from Home to Pro

If a user has purchased a new device with Windows 11 24H2 Home, Defender for Endpoint is not supported on it. However, the user can upgrade to Pro with a Pro product key.

However, Defender for Endpoint is not installed during this upgrade, which is intentional. As a result, the Defender for Endpoint agent is not registered correctly with the Defender for Endpoint service and the device is not protected.

OEM device with incorrect OEM preparation

The second case occurs with OEM devices. If a user purchases a new device with the Windows 11 24H2 Pro SKU, the OEM must install the corresponding component. If the OEM has slipped up and not installed the required component, the problems outlined above occur.

A workaround

The administrator must use the Deployment Image Servicing and Management (DISM) command line tool to install the Windows Sense client from a command prompt with administrative privileges using the following command.

DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client
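As an added example (not part of the original post or of Microsoft's own guidance), the following PowerShell script performs the same capability install as the DISM command above, but first checks the edition and whether the capability is already present, and afterwards reports whether the Sense service exists and whether the device shows as onboarded. The capability name comes from the command above; the Sense service name and the OnboardingState registry value are the ones Microsoft documents for verifying Defender for Endpoint onboarding; matching the edition on the string "Home" is a simplification assumed here. Run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: check for the Windows Sense client capability on a Windows 11 24H2
# device, add it if missing (the workaround described above), then report the
# Defender for Endpoint onboarding state.

$capabilityName = 'Microsoft.Windows.Sense.Client'

# 1. Edition check: Home does not support Defender for Endpoint at all.
#    (Assumption: matching the caption on "Home" is sufficient for this check.)
$edition = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
Write-Host "Edition: $edition"
if ($edition -match 'Home') {
    Write-Warning 'Windows Home edition detected; Defender for Endpoint is not supported. Upgrade to Pro first.'
    return
}

# 2. Capability check: this is what is missing after a Home-to-Pro upgrade or on
#    an OEM image that was not prepared correctly.
$cap = Get-WindowsCapability -Online | Where-Object { $_.Name -like "$capabilityName*" }
if (-not $cap) {
    Write-Warning "Capability $capabilityName is not offered by this image."
    return
}
Write-Host "Capability state before: $($cap.State)"

if ($cap.State -ne 'Installed') {
    # Equivalent to: DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
    $cap = Get-WindowsCapability -Online -Name $cap.Name
    Write-Host "Capability state after:  $($cap.State)"
}

# 3. Verify the Sense service (Windows Defender Advanced Threat Protection Service) exists.
$svc = Get-Service -Name Sense -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host "Sense service: $($svc.Status) (StartType $($svc.StartType))"
} else {
    Write-Warning 'Sense service not found; the capability install may require a reboot.'
}

# 4. Report onboarding state. OnboardingState is 1 once the device has been onboarded.
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$state = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
if ($state -eq 1) {
    Write-Host 'Device is onboarded to Defender for Endpoint.'
} elseif ($null -eq $state) {
    Write-Host 'Not onboarded yet: re-apply the Intune EDR policy or run the onboarding package now that the client is present.'
} else {
    Write-Host "OnboardingState = $state (not onboarded)."
}
```

The script only adds the capability; onboarding itself still has to be triggered by the Intune EDR policy or the onboarding package once the client is present, so the final state check is expected to report "not onboarded" on the first run right after the install.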

Further information can be found under WindowsAdvancedThreatProtection CSP.

This entry was posted in Security, Windows.