How to Download and Install Microsoft Defender for Endpoint on Linux


Microsoft Defender for Endpoint is an enterprise-grade endpoint security platform designed to help businesses prevent, detect, investigate, and respond to advanced threats. While originally developed for Windows systems, Defender for Endpoint now supports a broad range of operating systems, including Linux. To ensure that Linux systems are protected and integrated into a centralized security management console, it is essential to properly download and install Microsoft Defender for Endpoint.

Prerequisites

Before beginning the installation process, administrators should ensure they meet Microsoft’s requirements:

  • Supported Linux distributions: Microsoft Defender for Endpoint supports distributions such as Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS, Debian, and SUSE. It’s important to verify your OS and version against the list of supported platforms.
  • Administrative privileges: You must have root or sudo access on the Linux machine to perform the installation steps.
  • A valid Microsoft 365 Defender subscription: Access to the Defender for Endpoint portal is required to configure and manage endpoints.
  • Network access requirements: Make sure the Linux server can communicate with the necessary Microsoft service URLs.

Step-by-Step Installation Guide

1. Register the Machine in Microsoft 365 Defender

Log into the Microsoft 365 Defender Portal and register the Linux endpoint. This process usually generates an onboarding package or script tailored to the specific operating system. Follow the detailed instructions provided in the onboarding wizard under the “Linux” section.

2. Configure Microsoft Repositories

Install the Microsoft software repository on your Linux system. This step ensures that Defender’s packages can be downloaded through your package manager. Below is an example for Ubuntu:


wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update

The same process applies to other Linux distributions, with slight modifications to repository URLs and commands.

3. Install Microsoft Defender for Endpoint

After configuring the software repository, install the actual Defender package using the package manager:


sudo apt install mdatp

On Red Hat-based systems (like RHEL and CentOS), use:


sudo yum install mdatp

4. Onboard the Endpoint

After installing the package, onboard the endpoint using the script you downloaded from the Microsoft 365 Defender Portal. You may need to place a configuration file in a dedicated directory, normally:


/opt/microsoft/mdatp/mdatp_managed.json

Start the Defender for Endpoint service using the following command:


sudo systemctl start mdatp

Enable the service to make it persistent across reboots:


sudo systemctl enable mdatp

5. Run a Health Check

After installation and onboarding, confirm that the service is running correctly:


mdatp health

This command returns the health status and confirms if the endpoint is actively reporting to the Microsoft cloud.
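
The health check above can be turned into a pass/fail gate for provisioning scripts. The following is an added example, not code from the original article or from Microsoft: it parses `mdatp health` text output and compares four fields against a baseline. The `key : value` layout, the field names, the baseline values and the sample outputs are assumptions of this example; the samples are constructed.

```sh
#!/bin/sh
# Added example: pass/fail gate over `mdatp health` text output.
# Assumed: "key : value" lines, the four field names below, and the baseline.

# Constructed sample output (not captured from a real host).
SAMPLE_OK='healthy                          : true
licensed                         : true
real_time_protection_enabled     : true [managed]
definitions_status               : "up_to_date"'

SAMPLE_BAD='healthy                          : false
licensed                         : false
real_time_protection_enabled     : true
definitions_status               : "up_to_date"'

# get_field NAME: read health text on stdin, print NAME's value with
# surrounding quotes and a trailing "[managed]" marker removed.
get_field() {
    awk -v k="$1" '{
        i = index($0, ":"); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key != k) next
        sub(/[ \t]*\[managed\]$/, "", val)
        gsub(/"/, "", val)
        print val; exit
    }'
}

# check_health TEXT: print one FAIL line per field that deviates from the
# baseline; return 0 only when every field matches.
check_health() {
    rc=0
    for pair in healthy=true licensed=true \
                real_time_protection_enabled=true \
                definitions_status=up_to_date; do
        field=${pair%%=*}; want=${pair#*=}
        got=$(printf '%s\n' "$1" | get_field "$field")
        if [ "$got" != "$want" ]; then
            echo "FAIL $field: expected '$want', got '${got:-<missing>}'"
            rc=1
        fi
    done
    return "$rc"
}

# On a host with the agent installed, gate on the live output.
if command -v mdatp >/dev/null 2>&1; then
    check_health "$(mdatp health)"
fi
```

Adjust the baseline pairs in `check_health` to match the policy your organization enforces before relying on the exit status.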

6. Keeping Microsoft Defender Updated

Microsoft regularly releases updates for Defender for Endpoint. Ensure your Linux system is set to receive them automatically, or run manual checks regularly via your package manager.


sudo apt-get update
sudo apt-get install --only-upgrade mdatp

Keeping Defender up-to-date is essential for maintaining peak protection against emerging threats.

Frequently Asked Questions (FAQ)

  • Q: Does Microsoft Defender for Endpoint slow down Linux systems?
    A: Defender is optimized for performance on Linux and operates efficiently. However, performance may vary depending on hardware and other running services.
  • Q: Is real-time protection available on Linux?
    A: Yes, real-time protection is available and can be enabled through the command line or centralized policy in the Defender portal.
  • Q: Can Defender for Endpoint on Linux be managed centrally?
    A: Absolutely. Once onboarded, the endpoint appears in the Microsoft 365 Defender dashboard, where security teams can monitor, configure policies, and receive alerts.
  • Q: Does Defender support proxy configurations on Linux?
    A: Yes, Microsoft provides instructions on how to configure proxy settings for Defender on supported Linux platforms.
  • Q: How can I uninstall Defender if needed?
    A: Use your Linux distribution’s package manager. For example, on Ubuntu: sudo apt remove mdatp.

With the expanding support for Linux, Microsoft Defender for Endpoint provides unified and comprehensive security management across all major platforms, offering peace of mind and robust protection for enterprise environments.

About Post Author

Olivia Brown

I'm Olivia Brown, a tech enthusiast and freelance writer. My focus is on web development and digital tools, and I enjoy making complex tech topics easier to understand.