azurecloud-7276 asked Givary-MSFT edited

How can I onboard Windows 2016 Datacenter Gen 2 to vulnerability assessment using Microsoft cloud defender

I have tried onboarding the above-mentioned virtual machine for vulnerability assessment in Azure Microsoft Defender for Cloud. But the agent that is being installed for Microsoft Defender for Endpoint, "MDE.windows", is not provisioning successfully. Could you guys tell me what the issue could be?

azure-security-center azure-cloud-services

Givary-MSFT answered Givary-MSFT edited

@azurecloud-7276

Thank you for reaching out to us. As per your query I understand you are unable to see Windows 2016 server in MDE portal after onboarding it via Defender for Cloud.

There is an integration check box which needs to be checked on the Defender for Cloud portal. Below is the screenshot for your reference, and here are the steps for the same:

  1. From Defender for Cloud's menu, select Environment settings and select the subscription with the Windows machines that you want to receive Defender for Endpoint.

  2. Select Integrations.

  3. Select Allow Microsoft Defender for Endpoint to access my data, and select Save.

202185-image.png

Reference article: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#:~:text=Enable%20the%20integration

Once this option is checked and verified, run the detection test (which triggers an alert) described in this article from the server that is being onboarded - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-detection-test?view=o365-worldwide - and verify whether the server is onboarded to the MDE portal or not.

If you've enabled the integration, but still don't see the extension running on your machines, refer to this article/section for more troubleshooting steps - https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#:~:text=I%27ve%20enabled%20the%20solution%20but%20the%20%22MDE.Windows%22%20/%20%22MDE.Linux%22%20extension%20isn%27t%20showing%20on%20my%20machine

Let me know if you encounter any issues with the above steps.

Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.






lukemurraynz answered

The Azure extension logs will be a good place to start:

You could try deallocating and starting the machine up again to force the VM agent to reinitialise and upgrade itself if required first.
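
One way to act on the extension logs suggested above, as an added example that is not part of the original thread or Microsoft's own tooling: run it in an elevated PowerShell session on the affected VM. It assumes the default Azure VM agent plugin log folder, the `Sense` service name and the `OnboardingState` registry value used by Defender for Endpoint; the function names are hypothetical.

```powershell
# Added example: run elevated on the VM where MDE.Windows fails to provision.
# Assumption: default Azure VM agent plugin log location.
$pluginRoot = 'C:\WindowsAzure\Logs\Plugins'

function Get-MdeExtensionLogTail {
    param([string]$Root = $pluginRoot, [int]$Lines = 40)
    # Match on the extension name from the question instead of a hard-coded publisher prefix.
    $dirs = Get-ChildItem -Path $Root -Directory -Filter '*MDE.Windows*' -ErrorAction SilentlyContinue
    if (-not $dirs) {
        # No folder means the VM agent never received or unpacked the extension,
        # which points at the integration setting or the VM agent rather than MDE itself.
        Write-Warning "No MDE.Windows folder under ${Root}; check the integration setting and the VM agent."
        return
    }
    foreach ($dir in $dirs) {
        # Pick the most recently written log file across all version subfolders.
        $log = Get-ChildItem -Path $dir.FullName -Recurse -File |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if ($log) {
            "--- $($log.FullName) (last written $($log.LastWriteTime))"
            Get-Content -Path $log.FullName -Tail $Lines
        }
    }
}

function Get-MdeOnboardingState {
    # Sense is the Defender for Endpoint sensor service.
    $svc = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $key -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    [pscustomobject]@{
        SenseServicePresent = [bool]$svc
        SenseServiceStatus  = if ($svc) { $svc.Status } else { 'NotInstalled' }
        # 1 means the sensor considers itself onboarded; anything else means it does not.
        OnboardingState     = if ($null -ne $state) { $state } else { 'NotSet' }
    }
}

Get-MdeExtensionLogTail
Get-MdeOnboardingState | Format-List
```

An error in the log tail while `OnboardingState` is `NotSet` means the extension failed before onboarding the sensor; a value of 1 with the machine still missing from the MDE portal points at reporting or connectivity instead.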


