You might see Azure ATP Sensor fail to install if the Updater Service does not start. This problem stops threat detection and monitoring on your domain controllers.

IT professionals need to fix this problem quickly to keep enterprise environments safe.

Key Takeaways

• Azure ATP Sensor will not install if the Updater Service does not start. This can make domain controllers less safe.

• Make sure Windows services like Windows Update, BITS, and WMI Performance Adapter are running before you install the sensor.

• Use an account that has local admin rights. Make sure the directory service account can read all domain objects. This helps stop permission problems.

• Set up proxy and network settings the right way. Let traffic go straight to Microsoft URLs. Do not use SSL inspection.

• After you install, check that the Updater Service is running. Watch sensor health often in the Microsoft 365 Defender portal. This helps keep your environment safe.

Azure ATP Sensor Installation Errors

Error Codes and Logs

When you try to install the Azure ATP Sensor, you might see error code 0x80070643. This code shows up if the installer cannot find your system’s proxy settings. You can also get this error if there are permission issues. Sometimes, your environment blocks the installation. The installation logs help you understand why these failures happen.

You can look for these logs in different places:

• Your user’s temp folder, usually at %USERPROFILE%\AppData\Local\Temp

• In C:\Windows\Temp or C:\Windows\SystemTemp if a service account installs it

Important log files include:

• Azure Advanced Threat Protection Microsoft.Tri.Sensor.Deployment.Deployer_YYYYMMDDHHMMSS.log

• Azure Advanced Threat Protection Sensor_YYYYMMDDHHMMSS.log

• Azure Advanced Threat Protection Sensor_YYYYMMDDHHMMSS_001_MsiPackage.log

Tip: Always check these logs first. They show the exact step where the Azure ATP Sensor installation stops.

Service Startup Failures

You may see some signs when the updater service does not start:

• The Azure ATP Sensor looks stopped in the management console.

• The updater service stays stuck at "starting."

• System logs show many "unexpected restart" messages.

• The installation gets stuck halfway and then times out.

• After the timeout, the installer removes the sensor from the console.

These problems can happen even if other domain controllers work fine. Proxy settings often cause these issues. Sometimes, permissions or other things in your environment cause trouble. You might see the Azure ATP Sensor fail to install even after you try using a proxy or turn off endpoint protection.

Common Causes

Service Dependencies

Sometimes, the Azure ATP Sensor will not install if your system is missing needed services. The sensor needs some Windows services to work right. If Windows Update or Background Intelligent Transfer Service (BITS) are turned off or set up wrong, the Updater Service cannot start. You should make sure these services are running and have no errors. If your system files are missing or too old, the sensor will not install. The sensor also needs to use certain folders like C:\Windows\SoftwareDistribution to finish updates and set up.

Note: If you see errors about services not starting, check Windows Update and BITS. Make sure both are on and set to start by themselves.

Permissions and Accounts

Wrong permissions or account settings can stop the Updater Service from working. You must use an account with local machine rights to install the Azure ATP Sensor. The directory service account in the Azure ATP portal needs to read all objects in your domain. You can use a normal Active Directory user or a Group Managed Service Account. You do not need Global Admin rights to install.

If you use a user account with too few rights, you may get access denied errors. The sensor cannot change system files or folders without admin rights. Important folders like C:\Windows\SoftwareDistribution must let you read and write. If update services are off or set up wrong, the Updater Service will not start.

• You need to be a local admin to install.

• The directory service account must read the domain.

• Do not use accounts with few permissions.

• Check folder rights for system folders.

Proxy and Network Issues

Network settings are very important for installing the sensor. The Azure ATP Sensor needs the internet to talk to the Defender for Identity cloud service. If you use a proxy, you must let traffic go straight to the sensor URL. SSL inspection and proxies that change traffic are not allowed because they block certificate checks.

Set your proxy to let traffic go to URLs like <workspace-name>sensorapi.atp.azure.com, crl.microsoft.com, and ctldl.windowsupdate.com. Firewalls must let the right ports through, like TCP 443 for SSL and TCP/UDP 53 for DNS. If you set IP addresses by hand, update them often because they can change.

Here is a table of the needed proxy and network settings:

💡 If you use a proxy, always give proxy info when you install. This step helps the sensor connect to the cloud and stops install problems.

Troubleshooting Steps

If the Updater Service does not start, you need to fix it. Use these steps to find and solve the problem. This will help you get the Azure ATP Sensor working.

Check Dependencies

Always check that all needed services are running before you install. If a service is missing or turned off, the install can fail.

• Open the Services console by typing services.msc.

• Find the WMI Performance Adapter (wmiApSrv) service. This service is needed for the sensor. If it is not there or not running, the install may stop.

• Make sure Windows Update and BITS are both running.

• Look at the install logs for messages about missing or failed services.

• Check that all needed services are installed and working.

Note: If a service is missing, add or turn it on before you try again. This step helps you avoid wasting time.

Verify Permissions

You need the right permissions to install and use the Azure ATP Sensor. Without these rights, the Updater Service will not start.

• Use an account with local admin rights on the domain controller.

• Make sure the directory service account in the Azure ATP portal can read everything in your domain.

• You must have read and write access to important folders like C:\Windows\SoftwareDistribution.

• Do not use accounts with low permissions.

If you see access denied errors or cannot change files, check your account and folder rights.

Tip: Running the installer as an admin can fix permission problems.

Configure Proxy Settings

Network and proxy settings are very important for installing the sensor. If your server cannot reach the internet, you must set up a proxy.

• Set up a proxy or gateway if your server cannot go online.

• Make sure the proxy lets you connect to all Microsoft Defender for Endpoint URLs.

• Do not use SSL inspection for these URLs. This keeps the connection safe.

• Do not ask for proxy login for these connections.

• Make sure DNS works right.

If you get error code 0x80070643 or the service keeps stopping, check your proxy settings. The sensor may not find the system proxy by itself. You can add proxy details when you install by using command line options like ProxyUrl and AccessKey.

Important: Always use Microsoft’s official guide for proxy setup. This helps you avoid common network problems.

Reinstall or Repair

Sometimes you must repair or reinstall the Azure ATP Sensor to fix problems.

1. Remove the sensor from Programs and Features.

2. Restart the domain controller to clear locked files or services.

3. Get the newest installer from the Azure portal.

4. Run the installer as an admin.

5. If you use a proxy, add the proxy info in the install command. For example:

AzureATPSetup.exe /quiet AccessKey=<your-access-key> ProxyUrl=http://yourproxy:port

1. After you install, check that the Updater Service starts and the sensor looks healthy in the console.

💡 If you use old Windows or special networks, check Microsoft’s guide for more URLs and settings.

Confirming Fixes

Validate Service Status

After you fix the install problem, you must check if the Updater Service works. There are a few ways to do this:

1. Open the Services console by typing services.msc in the Start menu.

2. Look for Windows Update, Cryptographic Services, and Background Intelligent Transfer Service.

3. Double-click each one and set Startup type to Automatic.

4. If you can click Start, do it. If not, click Stop first, then Start.

5. Click Apply and OK to save your changes.

6. Restart your computer so updates can finish.

You can also look at the authorization.xml file inside the authcab.cab at C:\Windows\SoftwareDistribution\AuthCabs\. The expiry date in this file should be up to date. If Windows Update works and installs updates, the service is running fine.

✅ If the Updater Service is running and the authorization file is current, your system is ready for the Azure ATP Sensor.

Monitor Sensor Health

You need to know how to check if the Azure ATP Sensor is healthy after you install it. The Microsoft 365 Defender portal helps you see sensor status and health alerts.

1. Go to the Microsoft 365 Defender portal at

https://security.microsoft.com/

1. .

2. Click Settings and pick Sensors to see all sensors.

3. Look at the dashboard for last communication time, error codes, and actions you should take.

4. Make sure the sensor talks to the Defender service and shows a healthy state.

5. Go to Settings > Identities > Health issues to see all health alerts for your tenant.

6. Follow the steps in any alerts to fix problems.

Checking these things often helps you make sure the Azure ATP Sensor is installed, set up, and protecting your environment.

💡 Watching sensor health helps you find problems early and keep your security strong.

You might see the install fail if there are permission problems, missing services, or wrong proxy settings. Some main reasons are not getting service account details, seeing many HTTP errors during setup, or using a proxy that needs a login but does not have one.

Writing down logs and making a table of known problems helps you fix things faster.

FAQ

What does error code 0x80070643 mean during Azure ATP Sensor installation?

Error code 0x80070643 shows up if the installer cannot get to needed system resources or proxy settings. This error usually means there are permission issues or missing network setup.

What services must run before you install the Azure ATP Sensor?

You need Windows Update, Background Intelligent Transfer Service (BITS), and WMI Performance Adapter to be running. These services let the sensor update and talk to the cloud.

What should you check if the Updater Service stays stuck at "starting"?

• Look at service dependencies in services.msc.

• Make sure proxy settings follow Microsoft’s rules.

• Check install logs for lots of HTTP errors.

What account permissions do you need for a successful installation?

You have to use a local administrator account. The directory service account in Azure ATP must read all domain objects. If you do not have these rights, the sensor will not install.

What steps help you confirm the sensor works after installation?