Open ruslangalasun opened 2 years ago
To add some context, this is the code I'm using in my ARM template:
```json
{
  "type": "Microsoft.Compute/virtualMachines/extensions",
  "apiVersion": "2021-03-01",
  "location": "[parameters('location')]",
  "name": "[concat(parameters('vmName'),'/MDE.Windows')]",
  "properties": {
    "autoUpgradeMinorVersion": true,
    "publisher": "Microsoft.Azure.AzureDefenderForServers",
    "type": "MDE.Windows",
    "typeHandlerVersion": "1.0",
    "settings": {
      "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]",
      "defenderForServersWorkspaceId": "[parameters('WorkspaceId')]",
      "forceReOnboarding": false
    },
    "protectedSettings": {}
  }
}
```
Hopefully, someone can look into this issue soon. Here are some additional details from the troubleshooting that I did. When I looked at one of the older VMs that we have, I saw the following files for the extension:
In this case, the extension was provisioned successfully and we didn’t see any issues.
Here is a screenshot from a new VM where the extension is failing:
You can see that WindowsDefenderATPOnboardingScript file is missing, which is exactly what the error message is complaining about:
MDE extension deployment is returning the error below. I tried the deployment using Azure DevOps first and then did the manual ARM deployment through Azure Portal.
Status Message: VM has reported a failure when processing extension 'MDE.Windows'. Error message: "Failed to configure Microsoft Defender for Endpoint: Protected Setting defenderForEndpointOnboardingScript does not exist, please use mdeOnboardings API to retreive it (https://docs.microsoft.com/en-us/rest/api/securitycenter)"
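
A pre-deployment check for the condition the error message reports, added here as an example that is not part of the original post or of Microsoft's tooling: it scans an ARM template for extensions from the post's publisher whose `protectedSettings` lack `defenderForEndpointOnboardingScript`. The sample template, the second resource and the `onboardingScript` parameter are constructed for illustration.

```python
import json
import sys

PUBLISHER = "Microsoft.Azure.AzureDefenderForServers"  # publisher in the post's template
REQUIRED = "defenderForEndpointOnboardingScript"       # setting named in the error message

# Constructed sample: the post's extension (empty protectedSettings) plus a second,
# hypothetical extension that passes the script in through a hypothetical parameter.
SAMPLE_TEMPLATE = {
    "resources": [
        {
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "name": "[concat(parameters('vmName'),'/MDE.Windows')]",
            "properties": {
                "publisher": PUBLISHER,
                "type": "MDE.Windows",
                "settings": {"forceReOnboarding": False},
                "protectedSettings": {},
            },
        },
        {
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "name": "example-vm/MDE.Windows",
            "properties": {
                "publisher": PUBLISHER,
                "type": "MDE.Windows",
                "protectedSettings": {REQUIRED: "[parameters('onboardingScript')]"},
            },
        },
    ]
}

def iter_resources(resources):
    """Yield every resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def find_missing_onboarding(template):
    """Return names of Defender extensions whose protectedSettings lack the script."""
    missing = []
    for res in iter_resources(template.get("resources")):
        props = res.get("properties") or {}
        if props.get("publisher") != PUBLISHER:
            continue
        if not (props.get("protectedSettings") or {}).get(REQUIRED):
            missing.append(res.get("name"))
    return missing

if __name__ == "__main__":
    # Usage: python check_mde.py template.json  (no argument: run on the sample)
    tmpl = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    for name in find_missing_onboarding(tmpl):
        print(f"{name}: protectedSettings.{REQUIRED} is not set")
```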