RogerPalmen
Copper Contributor
May 21, 2025

Defender for Endpoint on EFLOW?

Hi,

I have several deployments of EFLOW on a Windows host, and on those EFLOW VMs I want to run Defender for Endpoint. Documentation is, however, very sparse.

Basically only the Set-EflowVmFeature to enable Defender here: https://learn.microsoft.com/en-us/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions#set-eflowvmfeature

 

Is that all there is to it to install, configure and run Defender within EFLOW? Any ways to check / validate locally on the VM or centrally?

 

3 Replies

  • Ankit365
    Iron Contributor

    While this command does enable the Defender agent inside the EFLOW VM, you still need to manually onboard the EFLOW VM to Microsoft Defender for Endpoint using the Linux onboarding script or the unified installation package.

    If you have correctly installed the agent, you can verify the status locally within the EFLOW VM by running mdatp health or mdatp status. Centrally, the EFLOW VM should appear as a Linux device in the Microsoft 365 Defender portal once telemetry starts flowing in. If it doesn't show up, confirm that the onboarding script was executed and the VM has internet connectivity to Defender service endpoints. Also ensure your EFLOW image has outbound access to required MDE endpoints (*.securitycenter.microsoft.com, etc.). Basically, enabling the feature flag alone is not enough; onboarding and connectivity validation are also required per current Microsoft Learn guidance.

    • RogerPalmen
      Copper Contributor

      Thanks for the overview, really helpful.

      To check if I understand correctly:

      If we use the onboarding script, this takes care of both the agent installation and onboarding onto the Defender portal? (https://learn.microsoft.com/en-us/defender-endpoint/linux-installer-script)

      And the only access this requires is towards the MDE endpoints, right?

    • RogerPalmen
      Copper Contributor

      Thanks! This clarifies things a lot. A comprehensive overview is difficult to find.

      Checking if I understand correctly on the key points:

      The onboarding script is what you download from the Azure Defender Portal? (https://learn.microsoft.com/en-us/defender-endpoint/linux-installer-script)

      To run the onboarding script to install the agent, only access to the MDE endpoints is needed, right?
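
A local check for the verification step described in Ankit365's reply, as an added example that is not part of the thread or of Microsoft's documentation: it parses `mdatp health` output and reports whether the agent is onboarded (has an org_id), licensed and healthy. Both sample outputs are constructed, and the "key : value" layout is an assumption about the client's output.

```sh
# Added example, not Microsoft's tooling. Assumes `mdatp health` prints
# "key : value" lines; both samples below are constructed for illustration.

# Constructed: feature enabled / agent present, onboarding script never run.
SAMPLE_NOT_ONBOARDED='healthy                       : false
health_issues                 : ["missing license"]
licensed                      : false
org_id                        : ""'

# Constructed: onboarded and reporting (org_id is a placeholder GUID).
SAMPLE_ONBOARDED='healthy                       : true
health_issues                 : []
licensed                      : true
org_id                        : "00000000-0000-0000-0000-000000000000"'

# health_field NAME: print NAME's value from health text on stdin.
health_field() {
    awk -v key="$1" '{
        i = index($0, ":"); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
        if (k == key) { print v; exit }
    }'
}

# check_health: read health text on stdin, print findings, return 0 only
# when the agent is healthy, licensed and carries an org_id (onboarded).
check_health() {
    text=$(cat); rc=0
    org=$(printf '%s\n' "$text" | health_field org_id)
    case "$org" in
        ''|unavailable) echo "NOT ONBOARDED: no org_id, onboarding not applied"; rc=1 ;;
    esac
    for f in healthy licensed; do
        v=$(printf '%s\n' "$text" | health_field "$f")
        [ "$v" = "true" ] || { echo "FAIL: $f=${v:-missing}"; rc=1; }
    done
    issues=$(printf '%s\n' "$text" | health_field health_issues)
    [ -z "$issues" ] || [ "$issues" = "[]" ] || echo "health_issues: $issues"
    [ "$rc" -ne 0 ] || echo "OK: onboarded, org_id=$org"
    return "$rc"
}

# Inside the EFLOW VM use live output; elsewhere run the constructed samples.
if command -v mdatp >/dev/null 2>&1; then
    mdatp health | check_health || true
else
    printf '%s\n' "$SAMPLE_NOT_ONBOARDED" | check_health || true
    printf '%s\n' "$SAMPLE_ONBOARDED" | check_health || true
fi
```

A non-zero return from `check_health` on a VM where the feature is enabled but the device never appears in the portal points at the onboarding or connectivity steps rather than the agent install.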