Defender ATP - Failed to create a Live Response session on selected machine

  • Question

  • Hi Guys,

    I want to start a Live Response session with Defender ATP but I always get this error

    Failed to create a Live Response session on selected machine

    OS Version is the requested one (Win 10, 1909) and the VM is hosted in Azure. I'm able to connect the PowerShell over Azure directly so I assume that it is no problem with the "Endpoint". But I can't figure out why I can't connect over the Defender Security Center.

    Maybe you can help me with this problem?

    There is no Intune and the machines are not Domain-joined but they are visible in the "Machine-Tab". 

    Same happens for all Windows Server VMs

    Wednesday, November 27, 2019 8:42 AM

All replies

  • And the Roles are set like it says in the Microsoft articles (so I assume that it is correct)

    Configure advanced features in Microsoft Defender ATP

    and

    Create and manage roles for role-based access control


    


    • Edited by 0ptix Wednesday, November 27, 2019 8:47 AM
    Wednesday, November 27, 2019 8:47 AM
  • Is there a 2nd part to the error message?

    I've seen "Failed to create a Live Response session on selected device" for several reasons, and it usually gives a better hint as to what the problem is. For example:

    Failed to create a Live Response session on selected device
    Machine's protection level doesn't allow to launch a session on it

    Failed to create a Live Response session on selected device
    Machine does not satisfy the minimum required sense version 10.6800 (Minimum windows build required: 18323)

    Nick.

    Monday, May 18, 2020 2:43 PM