Forum Discussion
Defender for Server deployed, integration for DfE checked, but M365 Defender showing "Can be onboard
I'm sure I'm missing something in the slightly complicated way of enabling servers for DfE via Defender for Cloud Server. The licensing is in place and the checkboxes to share data are ticked. The servers are showing as onboarded in Defender for Cloud; however, the one portal to rule them all - Microsoft Defender 365 - is still showing the servers as "Can be onboarded" and missing the data of a properly onboarded DfE client.
Where should I start my troubleshooting to determine what I've missed or what is going wrong?
Paul
5 Replies
- 1Luna Copper Contributor
Hi, I am experiencing the same issue.
Defender service is running, and I see the registry for Defender Plan 2, though my servers still say 'can be onboarded'.
Was there a fix for this?
- StanislavBelov
Microsoft
Please make sure all pre-reqs are in place: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
Make sure that all network requirements are also met: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide
It can take up to 12h before the machine shows up in the m365defender portal.
- Paul Bendall Iron Contributor
StanislavBelov - Thank you for taking the time to respond, and apologies for the lag in replying. The servers have been onboarded for ~7 days, so the 12-hour grace period, and I would assume any other grace period, should have passed.
In order to make troubleshooting steps easier and to use as a reference for others, I am going to concentrate on a single server (although all servers are failing to appear in DfE). The server in question is on-prem, running Windows 2022, with Azure Arc successfully installed.
From the referenced article - https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
The server meets the requirement listed under https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#availability
To confirm that the prerequisites (https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#prerequisites) are met:
1. The machine(s) are connected to Azure via Azure Arc.
2. Microsoft Defender for Servers is enabled and set to plan 2
3. Allow Microsoft Defender for Endpoint to Access my data is checked
4. Defender for Endpoint Security Center shows the server as "Can be onboarded" rather than Onboarded and the associated additional information
Running the MDE Client Analyzer to confirm connectivity to required URL (no proxy in the environment) returned an error:
- StanislavBelov
Microsoft
Interesting... Paul, could you please open a support ticket for this one so that our support folks can review the backend logs and help you troubleshoot.