Forum Discussion
Defender for Endpoint on EFLOW?
While this command does enable the Defender agent inside the EFLOW VM, you still need to manually onboard the EFLOW VM to Microsoft Defender for Endpoint using the Linux onboarding script or the unified installation package.
If you have correctly installed the agent, you can verify the status locally within the EFLOW VM by running mdatp health or mdatp status. Centrally, the EFLOW VM should appear as a Linux device in the Microsoft 365 Defender portal once telemetry starts flowing in. If it doesn't show up, confirm that the onboarding script was executed and the VM has internet connectivity to Defender service endpoints. Also ensure your EFLOW image has outbound access to required MDE endpoints (*.securitycenter.microsoft.com, etc.). Basically, enabling the feature flag alone is not enough; onboarding and connectivity validation are also required per current Microsoft Learn guidance.
Thanks! This clarifies things a lot. A comprehensive overview is difficult to find.
Checking if I understand correctly on the key points:
The onboarding script is what you download from the Azure Defender Portal? (https://learn.microsoft.com/en-us/defender-endpoint/linux-installer-script)
To run the onboarding script to install the agent, only access to the MDE endpoints is needed, right?
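The local check described in the first reply above, as an added example that is not part of the original posts: it reads `mdatp health` output and tells an agent that is only installed apart from one that is onboarded. The function names and sample outputs are constructed for illustration, and it assumes the `healthy`, `licensed` and `org_id` fields appear as `name : value` lines.

```shell
#!/bin/sh
# Added example: classify `mdatp health` output inside the EFLOW VM.

# health_field NAME: read health text on stdin and print the value of NAME,
# with surrounding whitespace and double quotes removed.
health_field() {
    awk -F':' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key {
            v = substr($0, index($0, ":") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v
            exit
        }'
}

# onboarding_state: read health text on stdin and print one of
#   not-onboarded  agent present, but no org_id or no license (script not run)
#   unhealthy      onboarded, but the agent reports healthy != true
#   onboarded      org_id set, licensed and healthy
onboarding_state() {
    out=$(cat)
    org=$(printf '%s\n' "$out" | health_field org_id)
    lic=$(printf '%s\n' "$out" | health_field licensed)
    ok=$(printf '%s\n' "$out" | health_field healthy)
    if [ -z "$org" ] || [ "$lic" != "true" ]; then
        echo not-onboarded
    elif [ "$ok" != "true" ]; then
        echo unhealthy
    else
        echo onboarded
    fi
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_INSTALLED_ONLY='healthy                  : false
licensed                 : false
org_id                   : ""'
SAMPLE_ONBOARDED='healthy                  : true
licensed                 : true
org_id                   : "00000000-0000-0000-0000-000000000000"'
SAMPLE_UNHEALTHY='healthy                  : false
licensed                 : true
org_id                   : "00000000-0000-0000-0000-000000000000"'

# On a VM with the agent installed, classify the live output.
if command -v mdatp >/dev/null 2>&1; then
    mdatp health | onboarding_state
fi
```

A `not-onboarded` result corresponds to the case in the reply where the feature is enabled but the onboarding script has not been executed.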