Advanced Threat Protection

I've upgraded to ATP 3.0, all SEP agents are on SEP 14 RU1, I've enabled EDR 2.0

Still only about a third of all endpoints have enrolled into ATP. The enrolled endpoints are primarliy desktops.

What suprises me is that I am not seeing any servers. I would at least expect to see a few servers as they are online 24/7.

• The servers are using the antivirus and Sonar component .
• There is no firewall between the servers and the ATP appliance
• Servers are on SEP 14 RU1
• In SEPM I have configured the group to use ATP in the private cloud setting under "external communication"
• Mix of Windows Server 2008,2012,2016

Any ideas why I am not seeing any servers in ATP?

Seems like I found the answer my self. The desktop group was the only group that inherented from "My company".

Apperantly it's not enough to add the ATP to the private cloud configuration page on all non-inherited groups. 

The configuration must be done through the ATP GUI to cover all groups.

I had to check this option in the ATP GUI EDR wizard to cover groups that is not inheriting settings from the root "my company" group.

"Apply private cloud policies to all non-default SEPM groups to ensure that private cloud policies for the top-level Symantec Endpoint Protection Manager group 'My Company' and its inherited groups are always overwritten regardless of whether you select this option"

https://support.symantec.com/en_US/article.HOWTO127750.html