RogerPalmen
Copper Contributor
May 22, 2025

Defender for Endpoint on EFLOW?

Hi,

I have several deployments of EFLOW on a Windows host, and on those EFLOW VMs I want to run Defender for Endpoint. Documentation is, however, very sparse.

Basically only the Set-EflowVmFeature to enable Defender here: https://learn.microsoft.com/en-us/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions#set-eflowvmfeature

Is that all there is to it to install, configure and run Defender within EFLOW? Any ways to check / validate locally on the VM or centrally?

3 Replies

  • Ankit365
    Copper Contributor

    While this command does enable the Defender agent inside the EFLOW VM, you still need to manually onboard the EFLOW VM to Microsoft Defender for Endpoint using the Linux onboarding script or the unified installation package.

    If you have correctly installed the agent, you can verify the status locally within the EFLOW VM by running mdatp health or mdatp status. Centrally, the EFLOW VM should appear as a Linux device in the Microsoft 365 Defender portal once telemetry starts flowing in. If it doesn't show up, confirm that the onboarding script was executed and the VM has internet connectivity to Defender service endpoints. Also ensure your EFLOW image has outbound access to required MDE endpoints (*.securitycenter.microsoft.com, etc.). Basically, enabling the feature flag alone is not enough; onboarding and connectivity validation are also required per current Microsoft Learn guidance.
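One way to script the local check described in the reply above, as an added example that is not part of the original thread or of Microsoft's documentation: it classifies `mdatp health` output from the `healthy`, `licensed`, `org_id` and `health_issues` fields. The sample output is constructed, and the function names, verdict strings and exit codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: classify `mdatp health` output from inside the EFLOW VM.

# Constructed sample (not from a real device): agent present, never onboarded.
SAMPLE_NOT_ONBOARDED='healthy                        : false
health_issues                  : ["constructed issue"]
licensed                       : false
org_id                         : ""'

# Print the value of one "key : value" field, without quotes or padding.
mde_field() {  # $1 = field name, stdin = mdatp health output
  awk -v k="$1" '
    { i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); gsub(/[ \t]+/, "", key) }
    key == k { v = substr($0, i + 1)
               gsub(/^[ \t"]+|[ \t"\r]+$/, "", v); print v; exit }'
}

# Verdict on stdout. Exit 0 = onboarded and healthy, 1 = onboarded but
# unhealthy, 2 = agent present but not onboarded (no license or org_id).
mde_verdict() {  # stdin = mdatp health output
  local out licensed org healthy issues
  out=$(cat)
  licensed=$(printf '%s\n' "$out" | mde_field licensed)
  org=$(printf '%s\n' "$out" | mde_field org_id)
  healthy=$(printf '%s\n' "$out" | mde_field healthy)
  issues=$(printf '%s\n' "$out" | mde_field health_issues)
  if [ "$licensed" != "true" ] || [ -z "$org" ]; then
    echo "NOT_ONBOARDED"; return 2
  fi
  if [ "$healthy" != "true" ]; then
    echo "ONBOARDED_UNHEALTHY issues=$issues"; return 1
  fi
  echo "ONBOARDED_HEALTHY org_id=$org"; return 0
}

# Use live output when mdatp is installed, otherwise the constructed sample.
if command -v mdatp >/dev/null 2>&1; then
  mdatp health | mde_verdict || true
else
  printf '%s\n' "$SAMPLE_NOT_ONBOARDED" | mde_verdict || true
fi
```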
