Skip to main content

Remediation

From Azure Portal

From Azure Home, select the Portal Menu.
Go to Microsoft Defender for Cloud.
Under Management, select Environment Settings.
Click on the subscription name.
Click Settings & monitoring.
Set the Status for Endpoint protection to On.
Click Continue.

From Azure CLI

Use the below command to set Allow Microsoft Defender for Endpoint to access my data:

az account get-access-token \
    --query "{subscription:subscription,accessToken:accessToken}" \
    --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/{{subscription-id}}/providers/Microsoft.Security/settings/WDATP?api-version=2022-05-01 -d@"input.json"'

Where input.json contains the Request body json data as mentioned below:

{ 
    "id": "/subscriptions/{{subscription-id}}/providers/Microsoft.Security/settings/WDATP", 
    "kind": "DataExportSettings", 
    "type": "Microsoft.Security/settings", 
    "properties": { 
        "enabled": true 
    }
}

From Azure Portal
From Azure CLI