Configure Microsoft Defender for Endpoint on Linux for static proxy discovery
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
Microsoft Defender for Endpoint can discover a proxy server using the HTTPS_PROXY environment variable. This setting must be configured both at installation time and after the product has been installed.
Installation time configuration
During installation, the HTTPS_PROXY environment variable must be passed to the package manager. The package manager can read this variable in any of the following ways:
The
HTTPS_PROXYvariable is defined in/etc/environmentwith the following line:HTTPS_PROXY="http://proxy.server:port/"The
HTTPS_PROXYvariable is defined in the package manager global configuration. For example, in Ubuntu 18.04, you can add the following line to/etc/apt/apt.conf.d/proxy.conf:Acquire::https::Proxy "http://proxy.server:port/";Caution
Note that above two methods could define the proxy to use for other applications on your system. Use this method with caution, or only if this is meant to be a generally global configuration.
The
HTTPS_PROXYvariable is prepended to the installation or uninstallation commands. For example, with the APT package manager, prepend the variable as follows when installing Microsoft Defender for Endpoint:HTTPS_PROXY="http://proxy.server:port/" apt install mdatpNote
Do not add sudo between the environment variable definition and apt, otherwise the variable will not be propagated.
The HTTPS_PROXY environment variable may similarly be defined during uninstallation.
Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry won't be submitted, and the operation could take longer due to network timeouts.
Post installation configuration
After installation, configure Defender for Endpoint with a static proxy. This can be done in two ways:
1. Using mdatp command-line tool
Run the following command on the endpoint to configure proxy for Defender for Endpoint
mdatp config proxy set --value http://address:port
2. Using managed configuration
Set the proxy in the managed configuration at /etc/opt/microsoft/mdatp/managed/mdatp_managed.json. This is an example of the json schema:
{
"cloudService":{
"proxy": "http://proxy.server:port/"
}
}
A management tool of choice can be used to deploy the above configuration. Please check Set preferences for Microsoft Defender for Endpoint on Linux for more details on managed configuration.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for