Defender Reports not showing accurate data (4345420)

Assigned tokens do not appear in Defender reports.  When the token object is viewed in Active Directory (AD) an asterisk "*" appears next to the token serial number.  However, once the user assigned the token has authenticated, the asterisk disappears and the assigned token appears in the Defender report, as expected.

The asterisk appearing next to token serial numbers implies that replication has not completed successfully in AD.  In normal cases when a token is generated and assigned to a user the asterisk will appear briefly and then disappear because replication has completed.  In AD environments where replication may be abnormally slow, the asterisk may remain longer than expected.

In cases where the asterisk remains for extended periods (more than a few minutes, for example) next to a token serial number in AD, we recommend investigating whether there are replication issues in the AD environment.  There are Microsoft KB articles available that discuss AD replication best practices (see "Additional Information" below).

If possible, having the token-assigned user authenticate with the token will force the replication to complete.  However, this is not always possible in situations where multiple token assignments have been carried out.  This is also not necessary in AD environments where replication is occurring normally.