How can I onboard Windows 2016 Datacenter Gen 2 to vulnerability assessment using Microsoft cloud defender

azure-cloud 1 Reputation point
2022-05-15T05:49:56.867+00:00

I have tried onboarding the above-mentioned virtual machine for vulnerability assessment in Azure Microsoft Defender for Cloud. But the agent that is being installed for Microsoft Defender for Endpoint, "MDE.windows", is not provisioning successfully. Could you guys tell me what the issue could be?

Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

2 answers

  1. Givary-MSFT 27,886 Reputation points Microsoft Employee
    2022-05-16T06:58:25.98+00:00

    @azure-cloud

    Thank you for reaching out to us. As per your query, I understand you are unable to see the Windows 2016 server in the MDE portal after onboarding it via Defender for Cloud.

    There is an integration check box which needs to be checked on the Defender for Cloud portal; below is the screenshot for your reference. Here are the steps for the same:

    1. From Defender for Cloud's menu, select Environment settings and select the subscription with the Windows machines that you want to receive Defender for Endpoint.
    2. Select Integrations.
    3. Select Allow Microsoft Defender for Endpoint to access my data, and select Save.

    202185-image.png

    Reference article: https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#:~:text=Enable%20the%20integration

    Once this option is checked and verified, run a detection test (triggers an alert) mentioned in this article from the server (which is being onboarded) - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-detection-test?view=o365-worldwide and verify whether the server is onboarded to the MDE portal or not.

    If you've enabled the integration, but still don't see the extension running on your machines, refer to this article/section for more troubleshooting steps - https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#:~:text=I%27ve%20enabled%20the%20solution%20but%20the%20%22MDE.Windows%22%20/%20%22MDE.Linux%22%20extension%20isn%27t%20showing%20on%20my%20machine

    Let me know if you encounter any issues with the above steps.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.


  2. Luke Murray 10,526 Reputation points MVP
    2022-05-16T08:30:36.073+00:00

    The Azure extension logs will be a good place to start:

    You could try deallocating and starting the machine up again to force the VM agent to reinitialise and upgrade itself if required first.

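An added example, not part of either answer or of Microsoft's documentation: a PowerShell triage of the "MDE.Windows" extension state that both answers point at, reading the provisioning status and message from the VM instance view. The function name `Get-ExtensionTriage`, the sample data and the `<rg>`/`<vm>` placeholders are constructed for illustration; the commented live calls assume the Az.Compute module and a signed-in session.

```powershell
# Added example: report the provisioning state of the MDE.Windows extension
# from a VM instance view (the object returned by `Get-AzVM -Status`).
function Get-ExtensionTriage {
    param(
        [Parameter(Mandatory)] $InstanceView,
        [string] $NamePattern = 'MDE.Windows'
    )
    $hits = @($InstanceView.Extensions | Where-Object { $_.Name -like "*$NamePattern*" })
    if ($hits.Count -eq 0) {
        # Extension never reached the VM: check the integration setting first.
        return [pscustomobject]@{
            Name = $NamePattern; Version = $null
            State = 'NotInstalled'; Message = 'Extension absent from instance view'
        }
    }
    foreach ($ext in $hits) {
        # Status codes have the form "ProvisioningState/<state>[/<code>]".
        $prov = $ext.Statuses |
            Where-Object { $_.Code -like 'ProvisioningState/*' } |
            Select-Object -First 1
        [pscustomobject]@{
            Name    = $ext.Name
            Version = $ext.TypeHandlerVersion
            State   = if ($prov) { ($prov.Code -split '/')[1] } else { 'Unknown' }
            Message = $prov.Message
        }
    }
}

# Constructed sample instance view, so the function runs without Azure access.
$sample = @'
{ "Extensions": [
  { "Name": "MDE.Windows", "TypeHandlerVersion": "0.0.0.0",
    "Statuses": [ { "Code": "ProvisioningState/failed/1", "Level": "Error",
                    "Message": "constructed sample message" } ] } ] }
'@ | ConvertFrom-Json
Get-ExtensionTriage -InstanceView $sample | Format-List

# Live use (placeholders, not values from the thread):
#   $view = Get-AzVM -ResourceGroupName '<rg>' -Name '<vm>' -Status
#   Get-ExtensionTriage -InstanceView $view
# Extension logs on the VM itself live under C:\WindowsAzure\Logs\Plugins:
#   Get-ChildItem 'C:\WindowsAzure\Logs\Plugins' -Filter '*MDE.Windows*' -Directory
# Deallocate and start again, as the second answer suggests:
#   Stop-AzVM  -ResourceGroupName '<rg>' -Name '<vm>' -Force
#   Start-AzVM -ResourceGroupName '<rg>' -Name '<vm>'
```

A `NotInstalled` result points back to the integration setting in the first answer, while a `failed` state with a message is the cue to read the extension logs on the machine.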