Forum Discussion
Re-install MDE.Windows extension
- Aug 27, 2023
Huge apologies for not posting sooner. I did not end up testing this out in my tenant as planned, but here it is as provided by the Microsoft engineer. Hope it works!
Step 1
$vm = Get-AzConnectedMachine -ResourceGroupName '<Your RG name>' -Name '<Your VM name>'
Step 2
$mdePackage = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$($vm.id.split('/')[2])/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview"
Step 3
$protectedSetting = @{
    "defenderForEndpointOnboardingScript" = ($mdePackage.content | ConvertFrom-Json).value.properties.onboardingPackageWindows
}
$Setting = @{
    "azureResourceId" = $vm.Id
    "vNextEnabled" = $true
}
Step 4
New-AzConnectedMachineExtension -Name 'MDE.Windows' -ExtensionType 'MDE.Windows' -ResourceGroupName $vm.ResourceGroupName -MachineName $vm.Name -Location $vm.Location -Publisher 'Microsoft.Azure.AzureDefenderForServers' -Settings $Setting -ProtectedSetting $protectedSetting -AutoUpgradeMinorVersion -TypeHandlerVersion '1.0'
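A pre-flight and post-install check around the steps above, as an added example that is not part of the original post or of Microsoft's instructions. The helper name Get-MdeOnboardingScript is hypothetical, and the Status and ProvisioningState property names are assumed from the Az.ConnectedMachine module's output.

```powershell
# Added example. Assumes Az.Accounts and Az.ConnectedMachine are installed
# and Connect-AzAccount has already been run for the right subscription.
function Get-MdeOnboardingScript {          # hypothetical helper name
    param([Parameter(Mandatory)] $Machine)  # object from Get-AzConnectedMachine

    # An extension can only be pushed to an Arc agent that is reporting in.
    # (Status property name is an assumption about the module's output.)
    if ($Machine.Status -ne 'Connected') {
        throw "Machine '$($Machine.Name)' is '$($Machine.Status)', not Connected."
    }

    $subId = $Machine.Id.Split('/')[2]
    $uri   = "https://management.azure.com/subscriptions/$subId" +
             "/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview"
    $resp  = Invoke-AzRestMethod -Uri $uri -Method GET

    # Invoke-AzRestMethod returns the response instead of throwing on HTTP
    # errors, so a 403/404 would otherwise flow silently into Step 3.
    if ($resp.StatusCode -ne 200) {
        throw "mdeOnboardings returned HTTP $($resp.StatusCode)."
    }

    # Expect exactly one non-empty Windows onboarding package.
    $packages = @(($resp.Content | ConvertFrom-Json).value.properties.onboardingPackageWindows)
    if ($packages.Count -ne 1 -or [string]::IsNullOrWhiteSpace($packages[0])) {
        throw "Expected one onboarding package, got $($packages.Count) (or it was empty)."
    }

    # The page passes this value as a protected setting, so it is returned
    # to the caller only and never written to the console or a transcript.
    return $packages[0]
}

# Usage with the variables from Steps 1 and 3:
$protectedSetting = @{
    "defenderForEndpointOnboardingScript" = Get-MdeOnboardingScript -Machine $vm
}

# After Step 4, confirm what the Arc resource reports for the extension.
# (ProvisioningState property name is an assumption about the module's output.)
$ext = Get-AzConnectedMachineExtension -ResourceGroupName $vm.ResourceGroupName `
           -MachineName $vm.Name -Name 'MDE.Windows'
if ($ext.ProvisioningState -ne 'Succeeded') {
    Write-Warning "MDE.Windows is '$($ext.ProvisioningState)'; check the extension status message."
}
```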
I have the same problem. It's impossible to install this using the extension, so in my case I manually installed this package (you can download it from security.microsoft.com -> Settings -> Endpoint -> Onboarding).
You can try to do this another way: uninstall all installed products (in this case only ARC, because MDE is not installed) and install them one more time. The normal automatic deployment process should then run (if you have configured automatic agent provisioning).
Regards!
- gilblumberg, Mar 23, 2023, Iron Contributor
I've learnt from Microsoft support that it is possible to re-install the MDE.Windows extension manually, as a REST API call or via CLI.
Either way is not straightforward. Although the instructions have been provided to me by Microsoft support, I want to test out both ways in my own tenant so I can share my experience in doing this.
- gilblumberg, Mar 31, 2023, Iron Contributor
We attempted this yesterday on a call with Microsoft engineers for troubleshooting and, as it turned out, it failed. Microsoft engineers are figuring out the issue and resolving this.