Cloned VMs Not Showing MDE Extension Installed in Azure Arc

Question

Last week I cloned an on premise VMWare server to 3 more, and I reinstalled Azure Arc and ran the onboarding script for Defender ATP. Today I noticed that the 3 ones I cloned do show up fine in Azure Arc but all 3 of those clones show Not Enabled under the Defender Extension header, and if I go into the Settings of those 3 VMs under Extensions I do not see the MDE.Windows extension listed so surely that's why. How can I fix this? I ran the DefenderATP onboarding script again on them and that didn't seem to do the trick.

Answer 1

Thanks for posting your question in the Microsoft Q&A forum.

Here are some steps you can take to resolve this issue:

• Check if Microsoft Defender for Cloud is enabled for your subscription and if the "Automatic Provisioning" setting is turned on for the servers, the MDE.Windows extension should install automatically on all Arc-enabled servers in your subscription.
• If Automatic Provisioning is not enabled or if it's not working as expected, you can manually install the MDE.Windows extension on the cloned servers, download the installation script from the Microsoft 365 Defender portal (https://security.microsoft.com/), Run the script on each of the cloned servers.
• Review the cloning process and ensure that all necessary configurations and settings were properly transferred to the cloned servers.
• Double-check that the Azure Arc onboarding process was completed successfully on the cloned servers. if there were any issues during the onboarding process, it might have prevented the MDE.Windows extension from being installed correctly.
• Ensure that there are no firewall or network restrictions that might be blocking the communication between the cloned servers and the Microsoft Defender for Endpoint service.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful