Event banner
Event details
The DFC Recommendation: Machines should have a vulnerability assessment solution . Is this depending on the MDE.Windows OR MDE.Linux extension? Because we got one client who deployed MDE on their linux environment via ansible and have the DFC MDE automatic onboarding disabled on one subscription and the recommendation for those devices is unhealthy. On another subscription they do have MDE automatic onboarding enabled and the extension do get installed and those devices are healthy in the recommendation. IF not, can you explain deep dive how it's validated?
- Tom_Janetscheck
Microsoft
Hi Thomas,
Defender for Cloud will assess if your machine is using Microsoft Defender Vulnerability Management (MDVM) as part of the integration with Microsoft Defender for Endpoint (MDE) or agentless scanning, the Qualys VA solution as part of Microsoft Defender for Servers Plan 2, or one of the two BYOL VA solutions. In addition, for MDVM integration with Defender for Cloud to be available, it's a separate setting in Settings & Monitoring blade of the subscription.The setting looks good, so that is not the case. Any other suggestion ?
- Tom_JanetscheckIn your scenario, the integration with Defender for Endpoint is disabled which is why Defender for Cloud is not aware of it being installed. With that, no information is shared between MDE and Defender for Cloud, so the recommendation will remain unhealthy. You can use Ansible to deploy MDE to your Linux machines, but in order to get the integration, you will have to enable it. We will then deploy the MDE.Linux extension to these machines, detect the existing installation done via Ansible, and connect it to Defender for Cloud.
