"Endpoint protection should be installed on your machines" still showing after enabling the MDE

Filipe Souza (IT - Infra-SDT) 0 Reputation points
2024-08-09T20:29:53.4966667+00:00

I already had the MDE extension installed on my Virtual machines (both for Windows and Linux servers).


Those VMs are reporting as correctly installed and the logs are reporting the correct installation, but the CIS Microsoft Azure Foundations Benchmark v2.0.0 policy still shows my VMs as non-compliant. Is there anything that I can do to troubleshoot this and remove this message?

 

Microsoft Defender for Cloud

1 answer

  1. Sandeep G-MSFT 18,281 Reputation points Microsoft Employee
    2024-08-13T08:28:08.3666667+00:00

    @Filipe Souza (IT - Infra-SDT)

    Thank you for posting this in Microsoft Q&A.

    As I understand, you have MDE extensions installed in your environment for VMs. However, the CIS Microsoft Azure Foundations Benchmark v2.0.0 policy still shows my VMs as non-compliant.

    If the CIS Microsoft Azure Foundations Benchmark v2.0.0 policy is still showing your VMs as non-compliant, there might be some other issues.

    Check if the MDE extension is enabled and running on your virtual machines. You can do this by going to the Azure portal, selecting the virtual machine, and then checking the Extensions tab. Make sure that the MDE extension is listed, and its status is reported as "Running".

    If it is enabled, then make sure that it is reporting data to Azure Security Center. You can check this by logging in to Azure Security Center.

    If the above is already confirmed, then you can check and confirm whether the CIS Microsoft Azure Foundations Benchmark v2.0.0 policy is properly assigned to your subscription or resource group. You can do this by going to the Azure Policy dashboard, selecting the policy, and then checking the Assignments tab.

    You can check and confirm whether all the virtual machines are properly tagged, as the CIS Microsoft Azure Foundations Benchmark v2.0.0 policy requires that all virtual machines are tagged with the "Owner" and "Environment" metadata.

    Let us know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
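
The extension and policy checks described in the answer above can also be correlated from exported CLI output instead of the portal. The following is an added example, not part of the original thread and not Microsoft's code: all data is constructed, and the field names and the `MDE.Windows` / `MDE.Linux` extension type names are assumptions about the JSON printed by `az vm extension list` and `az policy state list`.

```python
# Constructed sample data. Field names assume the JSON printed by
# `az vm extension list` (collected per VM) and `az policy state list`.
VM = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
      "/providers/Microsoft.Compute/virtualMachines/")
EXTENSIONS = {
    "web01": [{"typePropertiesType": "MDE.Windows", "provisioningState": "Succeeded"}],
    "db01": [{"typePropertiesType": "MDE.Linux", "provisioningState": "Failed"}],
    "app01": [{"typePropertiesType": "AzureMonitorLinuxAgent", "provisioningState": "Succeeded"}],
    "ok01": [{"typePropertiesType": "MDE.Linux", "provisioningState": "Succeeded"}],
}
REF = "constructed-endpoint-protection-ref"  # placeholder, not a real reference id
POLICY_STATES = [
    {"resourceId": VM + "web01", "complianceState": "NonCompliant", "policyDefinitionReferenceId": REF},
    {"resourceId": VM + "db01", "complianceState": "NonCompliant", "policyDefinitionReferenceId": REF},
    {"resourceId": VM + "app01", "complianceState": "NonCompliant", "policyDefinitionReferenceId": REF},
    {"resourceId": VM + "ok01", "complianceState": "Compliant", "policyDefinitionReferenceId": REF},
]
MDE_TYPES = {"mde.windows", "mde.linux"}  # assumed extension type names


def ext_type(ext):
    # Older CLI versions are assumed to use virtualMachineExtensionType instead.
    return (ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or "").lower()


def triage(extensions_by_vm, policy_states):
    """Map each non-compliant VM to (verdict, policyDefinitionReferenceId)."""
    findings = {}
    for state in policy_states:
        if state["complianceState"] != "NonCompliant":
            continue
        vm = state["resourceId"].rstrip("/").rsplit("/", 1)[-1].lower()
        mde = [e for e in extensions_by_vm.get(vm, []) if ext_type(e) in MDE_TYPES]
        if not mde:
            verdict = "mde-extension-missing"
        elif any(e.get("provisioningState") != "Succeeded" for e in mde):
            verdict = "mde-extension-not-succeeded"
        else:
            # Extension is healthy: look at which definition is flagging the VM.
            verdict = "extension-healthy-review-flagging-definition"
        findings[vm] = (verdict, state.get("policyDefinitionReferenceId"))
    return findings


if __name__ == "__main__":
    for vm, (verdict, ref) in sorted(triage(EXTENSIONS, POLICY_STATES).items()):
        print(f"{vm}: {verdict} (flagged by {ref})")
```

A VM that lands in the last verdict matches the situation in the question: the extension reports success, so the next thing to inspect is the definition named in `policyDefinitionReferenceId` and what it actually evaluates.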

