Hey Marvin yead I did the "Check for new devices" several times no luck. The below FTD's listed on the SSE do not match what the FMC is managing and licensed for which is a total of 4 FTD's. There is a generate token to add new device but I don't know how this is used. It seems like one could manually SSH into an FTD and use the cli somehow to register the device to the portal using the token but that's just my own speculation and have found no doc on its purpose. I opened a TAC so hopefully I get a resolution and will report back what it is. 

Thanks for the update. Please do let us know what the TAC says.

I have found it frustrating at times to get clear answers regarding some of the cloud-based services. The TAC engineers often don't have the access they need to troubleshoot things going on in the back end and it ends up having to go to Cisco Operations team to resolve.

Hey Marvin with my FTD tail site deployments I have management interface configured on the public external G1/1 interface. My event traffic from the Tail sites is successful via NAT into the FMC over TCP\8305 . After working with TAC we eventually discovered link down on the management interface for the devices that are not registering to secure-x (I assume that registration to secure x needs management interface connectivity and will not use the outside configured data management interface ) It appears to be a switch issue most likely negotiation as i am sure with this company these switches are probably unmanaged and 100baseT. 

Interesting, the SecureX integration troubleshooting document says "Both FMC and FTD need a connection to the SSE URLs on their management interface". I suspect it's a bug/oversight for it not to work on the data interface configured as management.

Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215888-integrate-and-troubleshoot-securex-with.html