azsec / scaf-azure-arm-templates

Collection of Azure Resource Manager templates to deploy Azure security baseline services.
https://azsec.azurewebsites.net/
Apache License 2.0

The vm-with-mde template fails to install the Linux extension #2

Open MWL88 opened 2 years ago

MWL88 commented 2 years ago

When deploying the VirtualMachine/vm-with-mde/azuredeploy.json ARM template, the Windows extension installation is successful but the Linux extension fails. The error message is:

VM has reported a failure when processing extension 'MDE.Linux'. Error message: "Failed to configure Microsoft Defender for Endpoint: argument of type 'NoneType' is not iterable ResourceId: /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Compute/virtualMachines/azsec-redhat-vm"

Based on a quick troubleshoot on the Linux VM, it appears the issue is caused by the installation process expecting the protectedSettings property to be populated with something.

When this extension (MDE.Linux) is deployed via remediating an Advisors recommendation, the protectedSettings property is populated with a base64 encoded encrypted string which is read, decoded and decrypted by the extension's installation script.

Please advise if this is a known issue and how the MDE.Linux extension should be deployed via an arbitrary ARM template.

Thanks

azsec commented 2 years ago

Thanks @MWL88. I will plan on checking this issue and will get back.

peeeteeer commented 2 years ago

> Thanks @MWL88. I will plan on checking this issue and will get back.

Any update on this? Having the same problem here.

Hacks4Snacks commented 2 years ago

@peeeteeer I have submitted a PR for the addition of a simple Linux VM example with the MDE extension section updated. Below are the MDE updated bits.

```json
{
  "comments": "Deploy Microsoft Defender for Linux VM",
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "apiVersion": "2021-03-01",
  "location": "[parameters('location')]",
  "name": "[concat(parameters('vmName'),'/MDE.Linux')]",
  "dependsOn": [
    "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
  ],
  "properties": {
    "autoUpgradeMinorVersion": true,
    "publisher": "Microsoft.Azure.AzureDefenderForServers",
    "type": "MDE.Linux",
    "typeHandlerVersion": "1.0",
    "settings": {
      "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]",
      "defenderForServersWorkspaceId": "[subscription().subscriptionId]",
      "forceReOnboarding": false,
      "vNextEnabled": "false",
      "provisionedBy": "Manual"
    },
    "protectedSettings": {
      "defenderForEndpointOnboardingScript": "[reference(subscriptionResourceId('Microsoft.Security/mdeOnboardings', 'Linux'), '2021-10-01-preview', 'full').properties.onboardingPackageLinux]"
    }
  }
}
```
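A pre-deployment check for the failure reported in this issue, as an added example that is not part of the thread or the repository's code: it walks an ARM template and flags any MDE.Linux extension whose `protectedSettings` lacks `defenderForEndpointOnboardingScript`, or that carries the script in the unencrypted `settings` block. The function names and the two sample templates are constructed for illustration, and the check assumes the array form of `resources`.

```python
import json

SCRIPT_KEY = "defenderForEndpointOnboardingScript"

def iter_resources(resources):
    """Yield each resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def lint_mde_linux(template):
    """Return (resource name, problem) pairs for MDE.Linux extensions."""
    findings = []
    for res in iter_resources(template.get("resources")):
        props = res.get("properties") or {}
        if props.get("type") != "MDE.Linux":
            continue
        name = res.get("name", "<unnamed>")
        # Absent or empty protectedSettings is the condition the issue describes.
        if not (props.get("protectedSettings") or {}).get(SCRIPT_KEY):
            findings.append((name, "protectedSettings." + SCRIPT_KEY + " missing"))
        # 'settings' is stored unencrypted; the onboarding package belongs elsewhere.
        if SCRIPT_KEY in (props.get("settings") or {}):
            findings.append((name, SCRIPT_KEY + " found in plaintext settings"))
    return findings

# Constructed sample templates (trimmed to the fields the check reads).
BROKEN = json.loads("""{"resources": [{"type": "Microsoft.Compute/virtualMachines",
  "name": "vm1", "properties": {}, "resources": [
   {"type": "extensions", "name": "MDE.Linux", "properties": {
     "publisher": "Microsoft.Azure.AzureDefenderForServers", "type": "MDE.Linux",
     "settings": {"provisionedBy": "Manual"}}}]}]}""")

FIXED = json.loads("""{"resources": [
  {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "vm1/MDE.Linux",
   "properties": {"publisher": "Microsoft.Azure.AzureDefenderForServers",
     "type": "MDE.Linux", "settings": {"provisionedBy": "Manual"},
     "protectedSettings": {"defenderForEndpointOnboardingScript":
       "[reference(subscriptionResourceId('Microsoft.Security/mdeOnboardings', 'Linux'), '2021-10-01-preview', 'full').properties.onboardingPackageLinux]"}}}]}""")

if __name__ == "__main__":
    for label, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_mde_linux(tpl) or "ok")
```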

peeeteeer commented 1 year ago

> @peeeteeer I have submitted a PR for the addition of a simple Linux VM example with the MDE extension section updated. Below are the MDE updated bits.
>
> ```json
> {
>   "comments": "Deploy Microsoft Defender for Linux VM",
>   "type": "Microsoft.Compute/virtualMachines/extensions",
>   "apiVersion": "2021-03-01",
>   "location": "[parameters('location')]",
>   "name": "[concat(parameters('vmName'),'/MDE.Linux')]",
>   "dependsOn": [
>     "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
>   ],
>   "properties": {
>     "autoUpgradeMinorVersion": true,
>     "publisher": "Microsoft.Azure.AzureDefenderForServers",
>     "type": "MDE.Linux",
>     "typeHandlerVersion": "1.0",
>     "settings": {
>       "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]",
>       "defenderForServersWorkspaceId": "[subscription().subscriptionId]",
>       "forceReOnboarding": false,
>       "vNextEnabled": "false",
>       "provisionedBy": "Manual"
>     },
>     "protectedSettings": {
>       "defenderForEndpointOnboardingScript": "[reference(subscriptionResourceId('Microsoft.Security/mdeOnboardings', 'Linux'), '2021-10-01-preview', 'full').properties.onboardingPackageLinux]"
>     }
>   }
> }
> ```

Excellent - thanks!!! Did work for me

ThomasKur commented 1 year ago

Can we also specify somehow the proxy server to use in the settings section?