User Profile
Tiennes
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Missing Azure Defender GPO Policies missing
Hi Community, I have a problem that I need your help with. I have deployed Azure Defender on Windows Server 2019 servers, running on Microsoft Azure. Azure Security Center is enabled on subscription as also on the Log Analytics Workspace. After the installation, some GPO policies for the configuration of Attack Surface Reduction are missing from the Group Policy Management Editor, I'm missing these policies: Windows Defender Antivirus Windows Defender Application Guard Windows Defender Exploitation Guard Windows Defender Smartscreen Situation Normally the deployment goes automatically from the Azure Security Center, after setting the status from the option Log Analytics agent for Azure VMs to On from the Auto provisioning blade in the Azure Security Center. But, this implementation is slightly different because there are two virtual servers in this subscription that absolutely should not have Azure Defender installed on them. I have installed Azure Defender by using the 'Using the Local Script' from the deployment method in Microsoft Defender on my Domain Controller. I have checked if Azure Defender is running and the alerts are showing up in my Microsoft Defender Portal. Azure Defender Plan is Enabled on subscription level. Azure Defender for Servers is Enabled on the subscription level. Azure Defender Plan is Enabled on the Log Analytics Workspace. Azure Defender for Servers is Enabled on the Log Analytics Workspace. The Microsoft.Azure.AzureDefenderForServers.MDE.Windows extension is added to the Virtual Machines. The Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent extension is added to the Virtual Machines. The integration with Microsoft Defender for Endpoint and Cloud App Security is Enabled. In the Inventory blad in the Azure Security Center, I can see that the Virtual Machines are in the Monitored state and that Azure Defender is showing as On. Do you know why I'm missing those policies? I want to configure Attack Surface Reduction rules in my Windows Server 2018 environment but I'm not able to configure ASR due to the missing GPO policies. Thanks in advance for your help!Solved
Groups
Recent Blog Articles
No content to show