Forum Discussion
Re-install MDE.Windows extension
Huge apologies for not posting sooner. I did not end up testing this out in my tenant as planned, but here it as provided by the Microsoft engineer. Hope it works!
Step 1
$vm = Get-AzConnectedMachine -ResourceGroupName <Your RG name> -Name <Your VM name>
Step 2
$mdePackage = Invoke-AzRestMethod -Uri https://management.azure.com/subscriptions/$($vm.id.split('/')[2])/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview
Step 3
$protectedSetting = @{
"defenderForEndpointOnboardingScript" = ($mdePackage.content | ConvertFrom-Json).value.properties.onboardingPackageWindows
}
/home/xxx> $Setting = @{
"azureResourceId" = $vm.Id
"vNextEnabled" = $true
}Step 4
New-AzConnectedMachineExtension -Name 'MDE.Windows' -ExtensionType 'MDE.Windows' -ResourceGroupName $vm.ResourceGroupName -MachineName $vm.Name -Location $vm.Location -Publisher 'Microsoft.Azure.AzureDefenderForServers' -Settings $Setting -ProtectedSetting $protectedSetting -AutoUpgradeMinorVersion -TypeHandlerVersion '1.0'
i have the same problem. It's impossible to install this using Extension so in my case i manualy install this package (you can download it from security.microsoft.com -> Settings -> Endpoint -> Onboarding).
You can try do this in another way - uninstall all installed product (in this case only ARC because MDE is not installed) and install this one more time - and here should be normal automatic deploy process (if you have configure automatic agent provisioning).
Regards!
Either way is not straightforward. Although the instructions have been provided to me by Microsoft support, I want to test out both ways in my own tenant so can share my experience in doing this
- We attempted this yesterday on a call with Microsoft engineers for troubleshooting and as it turned out, it failed. Microsoft engineers are figuring out the issue and resolving this