The vm-with-mde template fails to install the Linux extension

[MWL88]

When deploying the VirtualMachine/vm-with-mde/azuredeploy.json ARM template, the Windows extension installation is successful but the Linux extension fails. The error message is:

VM has reported a failure when processing extension 'MDE.Linux'. Error message: "Failed to configure Microsoft Defender for Endpoint: argument of type 'NoneType' is not iterable ResourceId: /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Compute/virtualMachines/azsec-redhat-vm"

Based on a quick troubleshoot on the Linux VM, it appears the issue is caused by the installation process expecting the protectedSettings property to be populated with something.

When this extension (MDE.Linux) is deployed via remediating an Advisors recommendation, the protectedSettings property is populated with a base64 encoded encrypted string which is read, decoded and decrypted by the extension's installation script.

Please advise if this is a known issue and how the MDE.Linux extension should be deployed via an arbitrary ARM template.

Thanks

[azsec]

Thanks @MWL88 . I will plan on checking this issue and will get back.

[peeeteeer]

Thanks @MWL88 . I will plan on checking this issue and will get back.

any update on this? Having the same problem here

[Hacks4Snacks]

@peeeteeer I have submitted a PR for the addition of a simple Linux VM example with the MDE extension section updated. Below are the MDE updated bits.

{ "comments": "Deploy Microsoft Defender for Linux VM", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", "location": "[parameters('location')]", "name": "[concat(parameters('vmName'),'/MDE.Linux')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" ], "properties": { "autoUpgradeMinorVersion": true, "publisher": "Microsoft.Azure.AzureDefenderForServers", "type": "MDE.Linux", "typeHandlerVersion": "1.0", "settings": { "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]", "defenderForServersWorkspaceId": "[subscription().subscriptionId]", "forceReOnboarding": false, "vNextEnabled": "false", "provisionedBy": "Manual" }, "protectedSettings": { "defenderForEndpointOnboardingScript": "[reference(subscriptionResourceId('Microsoft.Security/mdeOnboardings', 'Linux'), '2021-10-01-preview', 'full').properties.onboardingPackageLinux]" } } }

[peeeteeer]

@peeeteeer I have submitted a PR for the addition of a simple Linux VM example with the MDE extension section updated. Below are the MDE updated bits.

{ "comments": "Deploy Microsoft Defender for Linux VM", "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", "location": "[parameters('location')]", "name": "[concat(parameters('vmName'),'/MDE.Linux')]", "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]" ], "properties": { "autoUpgradeMinorVersion": true, "publisher": "Microsoft.Azure.AzureDefenderForServers", "type": "MDE.Linux", "typeHandlerVersion": "1.0", "settings": { "azureResourceId": "[resourceId('Microsoft.Compute/virtualMachines',parameters('vmName'))]", "defenderForServersWorkspaceId": "[subscription().subscriptionId]", "forceReOnboarding": false, "vNextEnabled": "false", "provisionedBy": "Manual" }, "protectedSettings": { "defenderForEndpointOnboardingScript": "[reference(subscriptionResourceId('Microsoft.Security/mdeOnboardings', 'Linux'), '2021-10-01-preview', 'full').properties.onboardingPackageLinux]" } } }

excellent - thanks!!! Did work for me

[ThomasKur]

Can we also specify somehow the proxy server to use in the settings section?