Defender Migration Status Validation - mattnovitsch/M365 GitHub Wiki

Summary

I've seen a lot of customers think they are migrated when in fact they are not. There are 3 workloads that get migrated from Commercial to GCC: Defender for Endpoint (MDE), Defender for Cloud Apps (MDA), and Defender for Identity (MDI), preferably in this order, because going outside this order tends to cause problems when backend processes are not pointing to the correct location.

Validate MDE

Going to https://transition.security.microsoft.com is not enough to see if you have been migrated. The link works in my lab and I am 100% commercial. The link will just go to the valid tenant; if you have both a commercial and a GCC tenant, then it will be different. How do we check this?

  1. Navigate to https://transition.security.microsoft.com > Settings > Microsoft Defender XDR > Copy your OrgID

  2. Navigate to https://security.microsoft.com > Settings > Microsoft Defender XDR >

Compare your OrgID from the Transition Defender XDR Portal with the one from the Normal Defender XDR Portal. They should be different if you have started the transition. If they both say "The service will store your data at rest in USMod", then you are already in GCC for Defender for Endpoint. If they are different, please review the migration document: Migrating-Defender-from-Commercial-to-GCC

Validate MDA

  1. Navigate to https://security.microsoft.com > Settings > Cloud Apps. If your data center states GCC, then you are good.

  2. If you don't see it under Defender XDR but you do see it under https://transition.security.microsoft.com, then you need to migrate.


Validate MDI

  1. Navigate to https://security.microsoft.com > Settings > Identities

  2. If you don't see it under Defender XDR but you do see it under https://transition.security.microsoft.com, then you need to migrate.

Steps forward

  1. If you have any workloads that are not migrated, then we need to open a support case and get the case engineer to open an IcM.
  2. If you need assistance and would like to discuss the path forward, then please feel free to ping me on Teams or put in a FastTrack SME request and note somewhere in the request that it's a "Commercial to GCC transition".
  3. If you are unsure of next steps, please let me know.
  4. Migration Steps

Troubleshooting Steps

  1. Problem: Defender for Cloud still onboards to the Commercial Defender tenant even though there is a Defender GCC tenant. Solution: Remove the Defender for Cloud extension and reinstall it (Migration Steps). If the problem persists, open a support case/IcM.

  2. Problem: Intune is onboarding to the Commercial tenant instead of the Defender GCC tenant. Solution: Delete the old onboarding policy under Endpoint Security > Endpoint detection and response and recreate it. If the problem persists, delete it again, use onboard instead of Auto from Connector, and manually paste the onboarding script from Defender XDR into the field.

  3. If Defender for Cloud Apps is not working, you can also check your license for the product. If you have confirmed you have the licenses, then you would need a support case for the PG to investigate.
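
To confirm on a Windows device which tenant it actually onboarded to (troubleshooting items 1 and 2 above), the added example below, which is not part of the original wiki, reads the local MDE onboarding state and compares its OrgId with the two OrgIDs copied from the portals. The parameter defaults are constructed placeholders and `Get-MdeTenantVerdict` is a hypothetical helper name.

```powershell
# Added example, not from the original wiki. Run on the Windows device to check.
param(
    # Constructed placeholders: paste the OrgIDs copied from each portal.
    [string]$GccOrgId        = '00000000-0000-0000-0000-000000000001',
    [string]$CommercialOrgId = '00000000-0000-0000-0000-000000000002'
)

function Get-MdeTenantVerdict {
    # Hypothetical helper: classifies the device from its local onboarding state.
    param($Status, [string]$GccOrgId, [string]$CommercialOrgId)

    # No Status key, or OnboardingState other than 1, means the sensor is not onboarded.
    if ($null -eq $Status -or $Status.OnboardingState -ne 1) { return 'NotOnboarded' }

    $orgId = "$($Status.OrgId)".Trim()
    if ($orgId -eq $GccOrgId)        { return 'GCC' }
    if ($orgId -eq $CommercialOrgId) { return 'Commercial' }
    return 'UnknownTenant'
}

if ($GccOrgId -eq $CommercialOrgId) {
    # The page expects two different OrgIDs once the transition has started.
    Write-Warning 'Both OrgIDs are identical; the verdict cannot tell the tenants apart.'
}

# MDE records its local onboarding state (OnboardingState, OrgId) under this key.
$statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$status    = Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue
$sense     = Get-Service -Name Sense -ErrorAction SilentlyContinue

# One object per device, so results can be collected and exported across a fleet.
[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    OnboardingState = if ($status) { $status.OnboardingState } else { $null }
    OrgId           = if ($status) { $status.OrgId } else { $null }
    SenseService    = if ($sense) { $sense.Status } else { 'NotInstalled' }
    Verdict         = Get-MdeTenantVerdict -Status $status -GccOrgId $GccOrgId -CommercialOrgId $CommercialOrgId
}
```

A verdict of `Commercial` after the onboarding policy has been recreated means the device is still carrying the old onboarding package and matches the situation described in item 2.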