azsec / scaf-azure-arm-templates

Collection of Azure Resource Manager templates to deploy Azure security baseline services.
https://azsec.azurewebsites.net/
Apache License 2.0

Extension fails to install on Windows VM #6

Open ruslangalasun opened 2 years ago

ruslangalasun commented 2 years ago

MDE extension deployment is returning the error below. I tried the deployment using Azure DevOps first and then did the manual ARM deployment through Azure Portal.

Status Message: VM has reported a failure when processing extension 'MDE.Windows'. Error message: "Failed to configure Microsoft Defender for Endpoint: Protected Setting defenderForEndpointOnboardingScript does not exist, please use mdeOnboardings API to retreive it (https://docs.microsoft.com/en-us/rest/api/securitycenter)"

ruslangalasun commented 2 years ago

To add some context, this is the code I'm using in my ARM template:

```json
{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "apiVersion": "2021-03-01",
  "location": "[parameters('location')]",
  "name": "[concat(parameters('vmName'),'/MDE.Windows')]",
  "properties": {
    "autoUpgradeMinorVersion": true,
    "publisher": "Microsoft.Azure.AzureDefenderForServers",
    "type": "MDE.Windows",
    "typeHandlerVersion": "1.0",
    "settings": {
      "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]",
      "defenderForServersWorkspaceId": "[parameters('WorkspaceId')]",
      "forceReOnboarding": false
    },
    "protectedSettings": {}
  }
}
```
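
A pre-deployment check for the condition the error message reports, as an added example that is not part of the original thread or the repository: it flags an MDE.Windows extension resource whose `protectedSettings` lacks `defenderForEndpointOnboardingScript`, a copy of the script placed in the unencrypted `settings` object, and a referenced parameter that is not a `securestring`. The parameter name `onboardingScript` and both sample templates are constructed for illustration.

```python
import copy
import json
import re

REQUIRED = "defenderForEndpointOnboardingScript"
EXT_TYPES = ("Microsoft.Compute/virtualMachines/extensions", "extensions")

def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def lint_mde_extension(template):
    """Return findings for MDE.Windows extension resources in an ARM template."""
    findings, params = [], template.get("parameters", {})
    for res in iter_resources(template.get("resources")):
        props = res.get("properties", {})
        if res.get("type") not in EXT_TYPES or props.get("type") != "MDE.Windows":
            continue
        name = res.get("name", "<unnamed>")
        if REQUIRED in (props.get("settings") or {}):
            findings.append(f"{name}: {REQUIRED} found in 'settings', which is not encrypted")
        value = (props.get("protectedSettings") or {}).get(REQUIRED)
        if not value:
            findings.append(f"{name}: protectedSettings.{REQUIRED} is missing or empty")
            continue
        # If the value is a plain parameter reference, that parameter must be a securestring.
        ref = re.fullmatch(r"\[parameters\('([^']+)'\)\]", str(value).strip())
        if ref and params.get(ref.group(1), {}).get("type", "").lower() != "securestring":
            findings.append(f"{name}: parameter '{ref.group(1)}' should be of type securestring")
    return findings

# Constructed sample: the extension resource from the thread, trimmed to the fields checked.
BROKEN = json.loads("""{
  "parameters": {"vmName": {"type": "string"}},
  "resources": [{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "name": "[concat(parameters('vmName'),'/MDE.Windows')]",
    "properties": {"publisher": "Microsoft.Azure.AzureDefenderForServers",
                   "type": "MDE.Windows", "settings": {}, "protectedSettings": {}}
  }]
}""")

# Hypothetical corrected variant: script passed in through a securestring parameter.
FIXED = copy.deepcopy(BROKEN)
FIXED["parameters"]["onboardingScript"] = {"type": "securestring"}
FIXED["resources"][0]["properties"]["protectedSettings"][REQUIRED] = "[parameters('onboardingScript')]"

if __name__ == "__main__":
    for label, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_mde_extension(tpl) or "OK")
```
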

ruslangalasun commented 2 years ago

Hopefully, someone can look into this issue soon. Here are some additional troubleshooting details that I did. When I looked at one of the older VMs that we have, I saw the following files for the Extension:

image

In this case, the extension was provisioned successfully and we didn’t see any issues.

Here is a screenshot from a new VM where the extension is failing: image

You can see that the WindowsDefenderATPOnboardingScript file is missing, which is exactly what the error message is complaining about: