Forum Discussion
Defender for Server deployed, integration for DfE checked, but M365 Defender showing "Can be onboard
StanislavBelov - Thank you for taking the time to respond, and apologies for the lag in replying. The servers have been onboarded for ~7days so the 12 hour grace period, and I would assume any other grace period should have passed.
In order to make troubleshooting steps easier and to use as a reference for others, I am going to concentrate on a single server (although all servers are failing to appear in DfE). The server in question is on-prem, running Windows 2022, with Azure Arc successfully installed.
From the referenced article - https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows
The server meets the requirement listed under https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#availability
To confirm that the https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#prerequisites are met:
- The machine(s) are connected to Azure via Azure Arc.
2. Microsoft Defender for Servers is enabled and set to plan 2
3. Allow Microsoft Defender for Endpoint to Access my data is checked
4. Defender for Endpoint Security Center shows the server as "Can be onboarded" rather than Onboarded and the associated additional information
Running the MDE Client Analyzer to confirm connectivity to required URL (no proxy in the environment) returned an error:
MicrosoftPaul Bendall Did you get this sorted out? I am evaluating Microsoft Defender for cloud, onboarded servers via Azure ARC and having the same issue. MDE shows as device can be onboarded!
