
Defender for cloud vulnerability assessment solution fix not working

Janne Kujanpää 256 Reputation points
Apr 2, 2023, 9:27 AM

Background information:

  • Operating system Windows (Windows Server 2016 Datacenter)
  • Publisher MicrosoftWindowsServer
  • Offer WindowsServer
  • Plan 2016-Datacenter
  • VM generation V1

All endpoint protection related Defender policies are green:


Defender "A vulnerability assessment solution should be enabled on your virtual machines" policy is red for one VM and the fix is not working for us:

Defender for cloud has the following policy “A vulnerability assessment solution should be enabled on your virtual machines” (501541f7-f7e7-4cd6-868c-4190fdad3ac9)

Hitting fix button on defender creates ARM extension resource for the given VM: /subscriptions/a2fdcdd6-6059-xxx-xxx-xxx/resourcegroups/xxx-azure-xxx-test-rg/providers/microsoft.compute/virtualmachines/xxx-xxx-0-test-vm/providers/Microsoft.Security/serverVulnerabilityAssessments/MdeTvm.

Nothing has happened after Microsoft.Security/serverVulnerabilityAssessments/MdeTvm was deployed.

The policy checks status.code of Microsoft.Security/assessments with name "ffff0522-1e88-47fc-8382-2a80ba848f5d". For us, status.code remains in the unhealthy state.

The documentation does not really give any next steps for troubleshooting: https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management#onboarding-your-machines-to-defender-vulnerability-management

What are the next steps to fix the onboarding process?


1 answer

  1. Marilee Turscak-MSFT 37,061 Reputation points Microsoft Employee
    Apr 4, 2023, 1:33 AM

    Hi @Janne Kujanpää ,

    Please access Defender for Endpoint to ensure that the machine was successfully onboarded. You can check the Event IDs and error codes listed in the linked article to ensure that there were no errors in the onboarding process.

    Note also that if you enabled the fix recently, it can take up to 48 hours for the changes to reflect in the vulnerability scan. See: FAQ

    If Defender for Endpoint does not show onboarding errors and you have gone past the 48 hour mark but are still seeing this issue, feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak"), include a link to this thread, and your subscription ID, and I can get a one-time free support case opened for you.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar issues.
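The troubleshooting path laid out across the question and the answer (did the fix actually create the MdeTvm extension resource, what does the assessment's status.code say, and is the 48-hour propagation window over yet) can be turned into a small triage helper. This is an added example, not Microsoft code or anything from the thread; the provisioningState field on the extension resource, the assessments api-version and all sample data are assumptions or constructed.

```python
"""Triage the 'vulnerability assessment solution should be enabled' finding
from the resources a VM exposes in ARM. Example code; inputs are constructed."""
from datetime import datetime, timedelta, timezone

ASSESSMENT_KEY = "ffff0522-1e88-47fc-8382-2a80ba848f5d"  # assessment name the policy reads
EXTENSION_TYPE = "Microsoft.Security/serverVulnerabilityAssessments"  # resource the fix creates
GRACE = timedelta(hours=48)  # propagation window mentioned in the answer


def assessment_url(vm_id: str, api_version: str = "2020-01-01") -> str:
    """ARM URL to fetch the assessment (e.g. with 'az rest --method get --url ...').
    The api-version value is an assumption, check it against current docs."""
    return (f"https://management.azure.com{vm_id}/providers/Microsoft.Security"
            f"/assessments/{ASSESSMENT_KEY}?api-version={api_version}")


def triage(vm_resources: list, assessment: dict, fix_applied_at: datetime, now: datetime) -> str:
    """Return the next troubleshooting step as a short 'verdict: detail' string."""
    ext = [r for r in vm_resources
           if r.get("type") == EXTENSION_TYPE and r.get("name") == "MdeTvm"]
    if not ext:
        return "fix-not-applied: MdeTvm extension resource is missing; re-run the fix"
    # provisioningState on this resource type is an assumption
    if ext[0].get("properties", {}).get("provisioningState") != "Succeeded":
        return "fix-pending: MdeTvm extension provisioningState is not Succeeded"
    code = assessment.get("properties", {}).get("status", {}).get("code", "Unknown")
    if code == "Healthy":
        return "compliant: assessment is Healthy, policy will update on next evaluation"
    if now - fix_applied_at < GRACE:
        return f"wait: assessment still {code}, fix is less than 48h old"
    return f"check-mde: {code} after 48h, verify Defender for Endpoint onboarding event IDs"


# Constructed sample: fix deployed three days ago, assessment still Unhealthy.
SAMPLE_VM_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
                "/providers/Microsoft.Compute/virtualMachines/example-vm")
SAMPLE_RESOURCES = [{"type": EXTENSION_TYPE, "name": "MdeTvm",
                     "properties": {"provisioningState": "Succeeded"}}]
SAMPLE_ASSESSMENT = {"name": ASSESSMENT_KEY,
                     "properties": {"status": {"code": "Unhealthy", "cause": "NotInstalled"}}}
NOW = datetime(2023, 4, 5, tzinfo=timezone.utc)
FIX_AT = NOW - timedelta(days=3)

if __name__ == "__main__":
    print(assessment_url(SAMPLE_VM_ID))
    print(triage(SAMPLE_RESOURCES, SAMPLE_ASSESSMENT, FIX_AT, NOW))
```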

