Microsoft Tech Community

Azure Arc connected Linux machines


I have multiple Linux machines (various supported distros) connected to Azure via Arc. MDE has deployed automatically and installed successfully on all systems. I created a security group in Entra and added the Service Principal (Entra device objects do not exist; should they?) for each Arc connected machine to that Entra Security Group. I have created an Endpoint Security Policy in the Defender portal and applied it to said Entra Security Group. The goal is to manage the auto-deployed MDE installation via this policy.

The policy is not applying to any of the Linux servers. The Arc install appears healthy and mdatp health command is showing Healthy:true Licensed:true and the Arc tags etcetera. There are some error logs in /var/log/microsoft/mdatp but nothing jumps out at me as a cause other than the fact that the managed.json file doesn't exist. My question is, how do I get the MDE install to be managed via this Endpoint Security Policy?
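A quick way to turn the checks described in the question (the `mdatp health` output and the presence of a managed-settings file) into a repeatable diagnostic is the script below. It is an added example, not code from the thread or from Microsoft: it parses `key : value` lines in the format that `mdatp health` prints, reports whether the sensor is healthy and licensed, and checks whether a managed configuration file exists. The sample health output is constructed, and the default path `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json` is an assumption about where the managed settings land (the original post only says "managed.json").

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): assess an MDE-for-Linux sensor
# from `mdatp health`-style output and the managed-settings file on disk.

# Print the value of one field from "key : value" text read on stdin.
# $1 = field name (e.g. healthy, licensed, org_id)
mdatp_field() {
  awk -F' *: *' -v key="$1" '$1 == key { print $2; exit }'
}

# Succeed (exit 0) when field $1 in health text $2 is literally "true".
field_is_true() {
  local val
  val=$(printf '%s\n' "$2" | mdatp_field "$1")
  [ "$val" = "true" ]
}

# Summarise sensor state from health text: ok / not_healthy / not_licensed.
assess_health() {
  local text="$1"
  field_is_true healthy "$text"  || { echo not_healthy;  return 0; }
  field_is_true licensed "$text" || { echo not_licensed; return 0; }
  echo ok
}

# Report whether a managed-settings file exists and is non-empty.
# $1 = path to check (default is an ASSUMED documented location, not from the thread).
managed_config_status() {
  local path="${1:-/etc/opt/microsoft/mdatp/managed/mdatp_managed.json}"
  if [ -s "$path" ]; then echo present; else echo missing; fi
}

# Constructed sample in the shape of `mdatp health`; every value is invented.
SAMPLE_HEALTH='healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "0.0.0"
org_id                                      : "00000000-0000-0000-0000-000000000000"'

# Human-readable report for one host; uses live `mdatp health` when the
# binary is installed, otherwise falls back to the constructed sample.
report() {
  local health
  if command -v mdatp >/dev/null 2>&1; then
    health=$(mdatp health)
  else
    health="$SAMPLE_HEALTH"
  fi
  echo "sensor:         $(assess_health "$health")"
  echo "org_id:         $(printf '%s\n' "$health" | mdatp_field org_id)"
  echo "managed config: $(managed_config_status "$1")"
}

# Run as: ./mde_check.sh [path-to-managed-json]
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  report "$1"
fi
```

A sensor that reports `ok` but `missing` for the managed config is exactly the state described in the question: the agent is onboarded and licensed, but no settings have been delivered to it yet, so the gap is on the policy-delivery side rather than on the host.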

3 Replies
Hi,
I have the same question, but about Windows machines connected to Arc.

Hoping someone can guide us in the right direction

I just figured out my problem...
Defender Portal -> Settings -> Endpoints -> Configuration Management -> Enforcement Scope
I found this in the documentation for the Intune setting... I'm not using Intune, so I naturally wouldn't have used this doc for my setup, but regardless here's the link: https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?view=o365-worldwide
This doesn't apply to you but I also set up a Dynamic group in Entra vs. the standard group with which to apply the Endpoint Security Policy.

Thanks for sharing! This option was disabled at my end, when enabling and waiting for a while the machine became MDM managed :)