Update – 2021-12-15 – I can confirm that the December Windows Updates have fixed this issue for us.
After installing OS updates on all of our servers in November 2021, we ended up with three servers, all running 2019 Core and all Domain Controllers, where the Windows Defender Advanced Threat Protection Service would not start.
Without the Windows Defender Advanced Threat Protection Service running, these servers do not report to M365 ATP.
Manually trying to start the service results in an Error 1053:
and via PowerShell:
PS C:\Users\me> Start-Service sense
Start-Service : Service 'Windows Defender Advanced Threat Protection Service (sense)' cannot be started due to the following error: Cannot start service sense on computer '.'.
At line:1 char:1
+ Start-Service sense
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
Microsoft Support has confirmed with me that this is a known issue with the November 2021 updates and should be addressed in the December 2021 updates.
Hopefully this saves you a support ticket.