Feb 23 2021 05:45 AM - edited Feb 23 2021 05:50 AM
We are happy to share that Azure Defender integration with MDE (Microsoft Defender for Endpoint) for Windows Server 2019 and Windows 10 Multi-Session (formerly Enterprise for Virtual Desktops (EVD) is now available for Public Preview!
What is MDE and what does the integration include ?
Microsoft Defender for Endpoint is a holistic, cloud delivered endpoint security solution. Its main features are:
Microsoft Defender for Endpoint provides:
The integration of Microsoft Defender for Endpoint with Security Center let’s customers benefit from the following additional capabilities:
Apr 30 2021 03:42 AM
@Stanislav Belov Hi Stanislav, is there any information on how this (technically) works? What are the components communicating? What about the MDE.Windows extension? etc. At this moment, I have several Windows Server 2019 with Azure Defender plan for Servers enabled. The MicrosoftMonitoringAgent extension has been rolled out automatically but the automatic onboarding to Defender for Endpoint doesn't seem to start. Even after waiting 24 hours. When I browse to https://securitycenter.windows.com/ it simply says 'Your subscription has expired'. Unfortunately, with the current documentation, I can't tell where this goes wrong and how to troubleshoot. Do you have any input or guidance on this?
May 10 2021 08:36 AM - edited May 10 2021 08:37 AM
Hi Gertjan,
From my experience once integration is enabled and the first server gets onboarded to ASC, the MDE tenant gets provisioned and it might take sometimes longer than 24h before you can access the MDE portal. I have seen that error myself several times especially with newly (trial) created subscriptions. Just give it some more time. If it still does not work after 2-3 days please raise a support ticket.
Aug 10 2021 04:36 AM
@Gertjan Jongeneel this issue still happens, any news?
Dec 09 2021 04:14 AM
Is there a way of improving the visibility into the timing of the onboarding process? Turning it on and just waiting for an unknown period of time isn't a great experience; particularly in scenarios where MDE is being rolled out in anger to respond to security incidents.
Dec 11 2021 07:00 AM - edited Dec 11 2021 07:02 AM
Hi Ru,
Recently we significantly improved the onboarding process and under normal condition the onboarding should happen within 1-2h (after the server is onboarded to Defender for Cloud), if this take longer than 12h - something is wrong with communications and i would suggest engaging our support.
As far as tracking the process, you can monitor Device Inventory dashboard in the M365 defender portal.
Dec 13 2021 01:41 AM
Jan 14 2022 05:26 PM
@Stanislav Belov
Hi, I find out that when we deploy Windows 10 virtual desktop from Microsoft image plan 20h2-ent, the virtual machine doesn't have the MDE.Windows extension installed.
However, if we deploy another new Virtual machine using copied OS disk from previous VM, this new VM has an MDE.Windows extension installed, but it has error status:
The provisioning of machine xxxxx failed.
Failed to configure Microsoft Defender for Endpoint: Onboarding to MDE via Microsoft Defender for Cloud for this operating system is not supported
I don't understand how does this MDE.Windows extension got installed on the new VM, but not installed on first VM.
Jan 16 2022 08:40 AM
Jan 26 2022 09:49 AM - edited Jan 26 2022 09:50 AM
Thank you Stanislav,
Does Monitoring Agent and Log Analytics Workspace still required for Defender for Cloud? for Azure and non-Azure Servers?
Jan 27 2022 05:52 AM
Mar 09 2022 07:05 AM
@kelvinxjh is your issue resolved i am facing the similar error.
Mar 21 2022 02:52 PM