Forum Discussion

Erik_Snijder's avatar
Erik_Snijder
Copper Contributor
Oct 19, 2023

Machines should have a vulnerability assessment solution - troubleshooting

We have a lot of VM's with recommendation: Machines should have a vulnerability assessment solution.

These VM's are Windows Multission Desktop,

  • Defender for Endpoint plan 2 is enabled on subscription level
  • the MDE extension has status 'provisioning succeeded
  • MDE extension has been reÏnstalled for troubleshooting
  • They don't have the recommendation 'Endpoint protection should be installed on machines'
  • The Get-MPComputerstatus shows all running and true
  • Manual reïnstallation of MDE (installation script and extension) does not have effect.

However: 

  • The VM does not appear under Assets in the Microsoft 365 Defender portal 

I would presume the fact that the VM does not appear in 365 Defender and the fact that a vulnerability assessment is missing in Defender for Cloud are related. But how can I troubleshoot this issue, what is the link between MDE and the Defender 365 tenant. Azure support didn't succeed in solving the problem. Can anybody assist?

Regards, Erik

2 Replies

Sort By
  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor
    Oct 19, 2023

    Hi Erik_Snijder,

    to troubleshoot the issue that you are experiencing, you can follow these steps:

    1. Check if the VM has been onboarded to Microsoft Defender for Endpoint. You can do this by running the following command on the VM:

     

    Get-MPComputerStatus​

     

    If the output of the command shows that the VM is running and protected, then it has been onboarded to Microsoft Defender for Endpoint. Otherwise, you will need to onboard the VM manually.

    1. Check if the VM has the latest version of the Microsoft Defender for Endpoint agent installed. You can do this by running the following command on the VM:

     

    Get-MpComputerStatus -IncludeDefenderVersion​

     

    If the output of the command shows that the agent version is lower than 1.396.2420.0, then you will need to update the agent.

    1. Check if the VM is communicating with the Microsoft Defender for Endpoint service. You can do this by running the following command on the VM:

     

    Test-MpConnectivity​

     

    If the output of the command shows that the VM is connected, then it is communicating with the Microsoft Defender for Endpoint service. Otherwise, you will need to troubleshoot the communication issue.

    1. If the VM is onboarded to Microsoft Defender for Endpoint, has the latest version of the agent installed, and is communicating with the Microsoft Defender for Endpoint service, but still does not appear in the Microsoft 365 Defender portal, then you can try the following:
    • Restart the Microsoft Defender for Endpoint service.
    • Restart the VM.
    • Remove and reinstall the Microsoft Defender for Endpoint agent.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • Matan_Shabtay's avatar
      Matan_Shabtay
      Icon for Microsoft rankMicrosoft
      Oct 23, 2023
      Adding to that - The same tenant which contains your Azure subscription is being used in MDE. I would suggesting following the guidance given by Leon. If the MDE agent is shown connected then the support case should be opened on M365 Defender.

Resources