Error on Token Registration page: "The service account user could not be logged in or has not been configured. Token Registration cannot proceed"
The Defender service account does not have logon privileges on the Defender Security Service (DSS) server. This is a common problem if the DSS server is an Active Directory server where, by default, no one but Administrators are allowed to log in. Also, some organizations have policies that explicitly deny interactive login to service accounts.
Check that the "Deny log on locally" and "Deny log on as a service" policies are not defined for the service account.
Ensure that the service account is in a group that is explicitly listed in the "Allow log in locally" policy. This can be tested by trying to log on to the DSS server at the console with the service account credentials.