Forum Discussion
Re-install MDE.Windows extension
Huge apologies for not posting sooner. I did not end up testing this out in my tenant as planned, but here it as provided by the Microsoft engineer. Hope it works!
Step 1
$vm = Get-AzConnectedMachine -ResourceGroupName <Your RG name> -Name <Your VM name>
Step 2
$mdePackage = Invoke-AzRestMethod -Uri https://management.azure.com/subscriptions/$($vm.id.split('/')[2])/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview
Step 3
$protectedSetting = @{
"defenderForEndpointOnboardingScript" = ($mdePackage.content | ConvertFrom-Json).value.properties.onboardingPackageWindows
}
/home/xxx> $Setting = @{
"azureResourceId" = $vm.Id
"vNextEnabled" = $true
}Step 4
New-AzConnectedMachineExtension -Name 'MDE.Windows' -ExtensionType 'MDE.Windows' -ResourceGroupName $vm.ResourceGroupName -MachineName $vm.Name -Location $vm.Location -Publisher 'Microsoft.Azure.AzureDefenderForServers' -Settings $Setting -ProtectedSetting $protectedSetting -AutoUpgradeMinorVersion -TypeHandlerVersion '1.0'
I had the same issue.
In my case mostly downlevel os servers were affected. I had to fix those manually (see https://github.com/microsoft/mdefordownlevelserver).
Would be great to have an automated way to fix this (e.g. via Azure Arc extension or maybe via Azure Policy (?))
Regards,
Phil
Was that your experience too?
- Indeed, in my case after a while (can't say how long it really took) after the manual onboarding the MDE.Windows extension was shown again in the Azure Arc | Servers view.