Azure Defender extension (MDE.Windows) is failing to install on Windows (Windows Server 2019 Datacenter). The Azure portal shows as ‘Provisioning failed’. After few hours (about 6), it auto corrects and state changes to ‘Provisioning succeeded’.
As per Azure support, Microsoft Defender for Cloud (MDFC) & Microsoft Defender for Endpoint (MDE) auto fixes it.
They also mentioned they this extension is installed automatically and should not be installed manually or any form of automation.
We deploy all our resources through Terraform and like to keep it that way. Keeping MDE.Windows extension outside of our code makes our state file out of sync.
Just wondering if anyone came across similar situation and found a way to fix this issue.
Thanks in advance.
Error:
Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'MDE.Windows'. Error message: \"Failed to configure Microsoft Defender for Endpoint: You cannot call a method on a null-valued expression.\r\n at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)\r\n at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)\r\n at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)\r\n at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "
│
│ with module.myModule["myVM"].module.logs-extension.azurerm_virtual_machine_extension.AZdefender,
│ on modules/VM/logging-extensionwin/main.tf line 59, in resource "azurerm_virtual_machine_extension" "AZdefender":
│ 5