Microsoft Defender for Endpoint fails policy deploy to Windows 10 Enterprise VM
We have Microsoft Defender for Cloud enabled and all of our subscriptions have a fully enabled Servers, Plan 2.
And yes, Defender does automatically apply the ‘MDE.Windows’ extension to all of our VMs.
I reviewed the compatibility of Defender for Endpoint
https://learn.microsoft.com/en-us/defender-endpoint/minimum-requirements
And under ‘Supported Windows versions’, ‘Windows 10 Enterprise’ is listed as being supported.
All of our VMs are Windows 10 Enterprise. For instance I have a VM created with this offering from the marketplace
"imageReference": {
    "publisher": "MicrosoftWindowsDesktop",
    "offer": "Windows-10",
    "sku": "win10-22h2-ent-g2",
    "version": "latest",
    "exactVersion": "19045.4046.240203"
}
The problem is that when the VM Extension ‘MDE.Windows’ is automatically applied by Defender for Cloud… there is an error status message.
Failed to configure Microsoft Defender for Endpoint: Onboarding to MDE via Microsoft Defender for Cloud for this operating system is not supported. Read more about supported operating systems: https://docs.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=linux#availability
Digging into the logs at C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.10.3 on the VM for the plugin, I see…
VERBOSE: [2024-07-24 13:46:41Z][Information] Major version: 10
VERBOSE: [2024-07-24 13:46:41Z][Information] Minor version: 0
VERBOSE: [2024-07-24 13:46:41Z][Information] Build version: 19045
VERBOSE: [2024-07-24 13:46:42Z][Information] OS Name: Microsoft Windows 10 Enterprise
VERBOSE: [2024-07-24 13:46:42Z][Information] Product type: 1
VERBOSE: [2024-07-24 13:46:42Z][Information] OperatingSystem SKU: 4
Digging into the plugin code MdeExtensionHandler.ps1 there is this line…
It appears that not ALL versions of Windows 10 Enterprise are supported.
What are my alternatives?