After configuring ATP with a SEPM Controller connection, the connection appears to fail. Blacklist policies from ATP fail to arrive at SEPM.
With the ATP UI, the System Activity Log shows one or more events with a message of "ATP could not successfully deliver the MD5 Blacklist policy to SEPM. Status code: 400"
Multiple possible causes.
In ATP UI, on Settings> Global, the Endpoint Controllers list contains one or more configured SEPM Controller connections.
For more detailed information on the response SEPM provided to ATP, collect and examine the following logs from the SEPM: