SOLVED

Create MDE tenant having only Azure Defender for Servers licenses

%3CLINGO-SUB%20id%3D%22lingo-sub-2233768%22%20slang%3D%22en-US%22%3ECreate%20MDE%20tenant%20having%20only%20Azure%20Defender%20for%20Servers%20licenses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2233768%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esomehow%20I'm%20not%20able%20to%20figure%20out%20how%20to%20create%20a%20MDE%20tenant%20if%20having%20only%20Azure%20Defender%20for%20Servers%20license%20which%20includes%20the%20license%20for%20MDE%20for%20Servers.%3C%2FP%3E%3CP%3EWhen%20I%20browse%20to%20URL%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsecuritycenter.windows.com%2F%2C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecuritycenter.windows.com%2F%3C%2FA%3E%26nbsp%3BI%20get%20the%20%22No%20subscription%20found%22%20page.%3C%2FP%3E%3CP%3EI'm%20logged%20in%20Azure%20Security%20Center%20(%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_Azure_Security%2FSecurityMenuBlade%2F0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_Azure_Security%2FSecurityMenuBlade%2F0%3C%2FA%3E)%26nbsp%3Bas%20a%20user%20who%20has%20Global%20Administrator%20role%20assigned.%3C%2FP%3E%3CP%3EWhat%20is%20the%20correct%20procedure%20to%20provision%20the%20MDE%20tenant%20in%20such%20case%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EJan%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2235151%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20MDE%20tenant%20having%20only%20Azure%20Defender%20for%20Servers%20licenses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2235151%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F717318%22%20target%3D%22_blank%22%3E%40jcescut%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Jan%2C%3C%2FP%3E%3CP%3EWe%20need%20to%20enable%3CSPAN%3E%26nbsp%3BMCAS%2FMDATP%20integration%20in%20Azure%20Security%20Center%20via%20API.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EPlease%20follow%20the%20steps%20in%20the%20article%3A%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Frest%2Fapi%2Fsecuritycenter%2Fsettings%2Fupdate%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESettings%20-%20Update%20(Azure%20Security%20Center)%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Ftemplates%2Fmicrosoft.security%2F2019-01-01%2Fsettings%3Ftabs%3Djson%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft.Security%2Fsettings%202019-01-01%20-%20ARM%20template%20reference%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMay%20be%20Azure%20Security%20Center%20community%20can%20provide%20clarity%2Fconfirmation.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EBalaji%20R%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2236540%22%20slang%3D%22en-US%22%3ERe%3A%20Create%20MDE%20tenant%20having%20only%20Azure%20Defender%20for%20Servers%20licenses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2236540%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F877623%22%20target%3D%22_blank%22%3E%40Balaji_R%3C%2FA%3E%3A%26nbsp%3BI'm%20not%20sure%20if%20this%20is%20the%20same%20issue%20that%20I'm%20having.%20In%20my%20case%20I%20don't%20even%20have%20an%20active%20Defender%20for%20Endpoint%20tenant.%20And%20cannot%20simply%20create%20one%20as%20there%20are%20no%20%22user-based%22%20MDE%20licenses%20available%20-%20this%20particular%20Azure%20tenant%20is%20a%20pure%20IaaS%20environment%20containing%20just%20some%20Windows%20Server%20VMs%20and%20an%20active%20Azure%20Defender%20for%20Servers%20subscription%20(which%20includes%20a%20license%20for%20MDE%20for%20Servers).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShould%20I%20request%20a%20MDE%20trial%20subscription%2C%20assign%20the%20MDE%20license%20to%20one%20of%20the%20users%20in%20Azure%20AD%20(the%20admin%20user%20which%20is%20used%20for%20administration%20tasks)%20and%20then%20create%20the%20MDE%20tenant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

somehow I'm not able to figure out how to create a MDE tenant if having only Azure Defender for Servers license which includes the license for MDE for Servers.

When I browse to URL https://securitycenter.windows.com/ I get the "No subscription found" page.

I'm logged in Azure Security Center (https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/0) as a user who has Global Administrator role assigned.

What is the correct procedure to provision the MDE tenant in such case?

 

Kind regards,

Jan

 

3 Replies

@jcescut 

Hi Jan,

We need to enable MCAS/MDATP integration in Azure Security Center via API. 

Please follow the steps in the article: - Settings - Update (Azure Security Center) | Microsoft Docs

Microsoft.Security/settings 2019-01-01 - ARM template reference | Microsoft Docs

 

May be Azure Security Center community can provide clarity/confirmation. 

 

Thanks,

Balaji R

@Balaji_R: I'm not sure if this is the same issue that I'm having. In my case I don't even have an active Defender for Endpoint tenant. And cannot simply create one as there are no "user-based" MDE licenses available - this particular Azure tenant is a pure IaaS environment containing just some Windows Server VMs and an active Azure Defender for Servers subscription (which includes a license for MDE for Servers).

 

Should I request a MDE trial subscription, assign the MDE license to one of the users in Azure AD (the admin user which is used for administration tasks) and then create the MDE tenant?

 

best response confirmed by Marc_M (Microsoft)
Solution

@jcescut 

Hi Jan,

As per the article, "When you use Azure Security Center to monitor your servers, a Microsoft Defender for Endpoint tenant is automatically created"

 

Please update if you have referred the section "Enabling the Microsoft Defender for Endpoint integration" in the article Using the Microsoft Defender for Endpoint license included with Azure Security Center | Microsoft Do...