Forum Discussion
Solved
Re-install MDE.Windows extension
Onboarding several servers into MDE via Azure Arc. For one of the servers, experienced this error when Azure Arc tried to install the MDE.Windows extension. I suspect need to re-install the ...
Huge apologies for not posting sooner. I did not end up testing this out in my tenant as planned, but here it as provided by the Microsoft engineer. Hope it works!
Step 1
$vm = Get-AzConnectedMachine -ResourceGroupName <Your RG name> -Name <Your VM name>
Step 2
$mdePackage = Invoke-AzRestMethod -Uri https://management.azure.com/subscriptions/$($vm.id.split('/')[2])/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview
Step 3
$protectedSetting = @{
"defenderForEndpointOnboardingScript" = ($mdePackage.content | ConvertFrom-Json).value.properties.onboardingPackageWindows
}
/home/xxx> $Setting = @{
"azureResourceId" = $vm.Id
"vNextEnabled" = $true
}Step 4
New-AzConnectedMachineExtension -Name 'MDE.Windows' -ExtensionType 'MDE.Windows' -ResourceGroupName $vm.ResourceGroupName -MachineName $vm.Name -Location $vm.Location -Publisher 'Microsoft.Azure.AzureDefenderForServers' -Settings $Setting -ProtectedSetting $protectedSetting -AutoUpgradeMinorVersion -TypeHandlerVersion '1.0'
Hi,
I had the same issue.
In my case mostly downlevel os servers were affected. I had to fix those manually (see https://github.com/microsoft/mdefordownlevelserver).
Would be great to have an automated way to fix this (e.g. via Azure Arc extension or maybe via Azure Policy (?))
Regards,
Phil
I had the same issue.
In my case mostly downlevel os servers were affected. I had to fix those manually (see https://github.com/microsoft/mdefordownlevelserver).
Would be great to have an automated way to fix this (e.g. via Azure Arc extension or maybe via Azure Policy (?))
Regards,
Phil
- By doing this manually, my understanding is that although they will be onboarded, Azure Arc won't recognise this and the MDE.Windows extension won't show as being installed for that server.
Was that your experience too?- Indeed, in my case after a while (can't say how long it really took) after the manual onboarding the MDE.Windows extension was shown again in the Azure Arc | Servers view.