![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 30%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Other
Additional Microsoft Defender tools and services that provide security across various platforms and environments
Hi @Eric ,
This behavior typically means those devices are not fully onboarded. In Defender for Endpoint, devices showing “Can be onboarded” are usually discovered devices (no active sensor), which is why they appear as Workstation and don’t show engine/platform/security data. Since 1 out of 5 servers reports correctly, this points to a device-level issue, not a Windows Server 2025 support limitation.
I recommend:
- Verify correct server onboarding package/method was used:
https://learn.microsoft.com/en-us/defender-endpoint/onboard-server - Check connectivity to MDE service URLs/proxy exclusions:
https://learn.microsoft.com/en-us/defender-endpoint/verify-connectivity - Run MDE Client Analyzer on an affected server and review results:
https://learn.microsoft.com/en-us/defender-endpoint/run-analyzer-windows
If everything looks correct and the issue persists, this likely requires a Microsoft support case, as the portal may not be properly classifying those devices after onboarding.
Regards,
Burak V.