Defender for Endpoint onboarding through Defender for Cloud integration on AVD

AdamBudziski-8216 16 Reputation points
2024-02-19T16:28:32.35+00:00

Hi,

We have a subscription that is dedicated to Azure Virtual Desktop. In Defender for Cloud the Servers Plan 2 has been enabled. Now looking here https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-defender-for-servers#what-s-this--mde-windows-----mde-linux--extension-running-on-my-machine- it is stated:

Defender for Cloud automatically deploys the extension to machines running:

· Windows 10 on Azure Virtual Desktop.

Now if I check any of the AVDs under extensions they DO have the extension.

However, I just don’t see the devices in https://security.microsoft.com/ …

AFAIK the extension is responsible for the onboarding process, I assume that Windows 10 should have AV/EDR Defender already built-in and nothing needs to be installed before. If I go and look for onboarding for Windows 10 devices it tells me to download the onboarding package ONLY.

What am I missing?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

  1. Oleksandr Romaniuk 470 Reputation points
    2024-03-03T16:08:22.9166667+00:00

    Hello!

    If you have the status "Provisioning succeeded" - it means that Defender was installed on your server. This MDE.Windows extension initiates Defender installation, is responsible for the onboarding process, and checks the health status of Defender. Then you should see the server in https://security.microsoft.com/; if not, then check on the firewall if the server can connect to Microsoft services and check the server's network configuration. Most likely the problem is with the network or with the DNS name (maybe you onboarded this server to Microsoft EDR with another hostname).

    There is no need to download and run the onboarding configuration package if the status of MDE.Windows is successful. You are right, the onboarding package in the Microsoft Defender portal simply configures the Defender and binds this device to your tenant.

    You can also check the status of Defender from PowerShell via the commands Get-MpPreference and Get-MpComputerStatus.


    If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.
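
A local triage script covering the checks the answer lists (Defender status, sensor state, DNS and firewall reachability, hostname), added here as an example and not part of the original thread. The function name and the `-ServiceHost` parameter are hypothetical; the `Sense` service and the `OnboardingState` registry value are taken from Microsoft's Defender for Endpoint documentation rather than this page, and the service hostnames must be supplied from Microsoft's published URL list.

```powershell
function Get-MdeOnboardingTriage {
    [CmdletBinding()]
    param(
        # Assumption: Defender for Endpoint service hostnames for your region,
        # taken from Microsoft's published URL list (none are given in the thread).
        [Parameter(Mandatory)] [string[]] $ServiceHost,
        [int] $Port = 443
    )

    # Defender Antivirus state, via the cmdlet the answer names.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    # 'Sense' is the Defender for Endpoint sensor service.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue

    # OnboardingState = 1 means onboarding information was applied on this machine.
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).OnboardingState

    # Report DNS and TCP separately so a name-resolution failure is not
    # mistaken for a firewall block (the two causes the answer suggests).
    $net = foreach ($h in $ServiceHost) {
        $dns = [bool](Resolve-DnsName -Name $h -ErrorAction SilentlyContinue)
        $tcp = $false
        if ($dns) {
            $tcp = (Test-NetConnection -ComputerName $h -Port $Port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{ Host = $h; DnsResolves = $dns; TcpReachable = $tcp }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME   # name to search for in the portal
        AntivirusEnabled   = $mp.AntivirusEnabled
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        AMRunningMode      = $mp.AMRunningMode
        SenseServiceStatus = if ($sense) { "$($sense.Status)" } else { 'NotInstalled' }
        Onboarded          = ($state -eq 1)
        Connectivity       = $net
    }
}

# Usage (placeholder hostname, replace with a real service endpoint):
# Get-MdeOnboardingTriage -ServiceHost '<endpoint-hostname-placeholder>' | Format-List
```

`Test-NetConnection` opens a direct TCP connection, so on session hosts that reach Microsoft only through a proxy, `TcpReachable = False` is not conclusive on its own.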
