We have recently migrated Windows server 2016 from Onprem to Azure Cloud. After that i notice that the "MDE.Windows" extension shows "Provisioning Failed" message. And below is the error message. Can someone help me on how to fix this?
[2022-10-18 13:19:05Z][Error] Failed to configure Microsoft Defender for Endpoint: Onboarding to MDE via Microsoft Defender for Cloud for this operating system is done using Microsoft Monitor Agent. If you would like to install the new MDE Unified Solution/Agent, please enable the Unified Solution setting in Microsoft Defender for Cloud (vNextEnabled parameter is not 'true')\r\n
I tried to reproduce the same issue in my environment and got the below results
I have enabled the defender cloud
When enabling the defender for servers plan 1 or plan 2 and configuring the defender for end point integration The end point defender is automatically provisioned for all supported machines
If we want we can change the sever plan also we have to enable the defender for endpoint integration by clicking on settings => integrations
I have enabled the auto provisioning when using defender for cloud
I have selected the appropriate Virtual Machine
We have to monitor the installation via azure machine extension page Open the specific VM => Open the extension&Application => open the MDE.windows for related information
While clicking on the MDE.Windows extensions we can see the state is succeeded
NOTE: When the extension is failed we have to check the all below the pre requisites are correctly configured or not
1). Defender not running inactive mode for 2019
2). Defender server role is not installed for server 2016
3). connect pre requisites updates not installed
4). Defender disabled via registry key setting