Microsoft Defender ATP for Linux
PUBLIC PREVIEW EDITION
This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender Security Center today.
This topic describes how to install, configure, update, and use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux.
Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
How to install Microsoft Defender ATP for Linux
- Access to the Microsoft Defender Security Center portal
- Beginner-level experience in Linux and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
Logged-on users do not appear in the ATP portal.
Running the product on CentOS / RHEL / Oracle Linux 7.0 or 7.1 with kernel versions lower than 3.10.0-327 can cause the operating system to hang. We recommend that you upgrade to version 7.2 or newer.
In SUSE distributions, if the installation of libatomic1 fails, you should validate that your OS is registered:
$ sudo SUSEConnect --status-text
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
In general, you need to take the following steps:
- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the Microsoft Defender ATP portal.
- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods:
- The command-line tool:
- Third-party management tools:
Supported Linux server distributions and versions:
- Red Hat Enterprise Linux 7.2 or higher
- CentOS 7.2 or higher
- Ubuntu 16.04 LTS or higher LTS
- Debian 9 or higher
- SUSE Linux Enterprise Server 12 or higher
- Oracle Linux 7.2 or higher
Minimum kernel version 2.6.38
The fanotify kernel option must be enabled
Disk space: 650 MB
The solution currently provides real-time protection for the following file system types:
More file system types will be added in the future.
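The kernel, fanotify, and disk-space requirements above, together with the 3.10.0-327 known issue, can be checked before deployment. The following script is an added example and not part of the product or its documentation; the function names, the kernel config location `/boot/config-<release>`, and the use of `/` as the volume to measure are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks for the requirements listed on this page.
MIN_KERNEL="2.6.38"             # minimum kernel version (from the page)
RHEL7_SAFE_KERNEL="3.10.0-327"  # lower kernels on 7.0/7.1 can hang (from the page)
MIN_DISK_KB=$((650 * 1024))     # 650 MB of disk space (from the page)

# version_ge HAVE WANT: succeeds when kernel release HAVE >= WANT.
# Fields are split on '.' and '-'; a field's non-numeric tail (el7, generic) is dropped.
version_ge() {
    have_fields=$(printf '%s' "$1" | tr '.-' '  ')
    want_fields=$(printf '%s' "$2" | tr '.-' '  ')
    for want in $want_fields; do
        have=${have_fields%% *}
        case $have_fields in
            *' '*) have_fields=${have_fields#* } ;;
            *)     have_fields= ;;
        esac
        have=${have%%[!0-9]*}
        have=${have:-0}
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
    done
    return 0
}

# fanotify_enabled FILE: succeeds when kernel config FILE contains CONFIG_FANOTIFY=y.
fanotify_enabled() {
    [ -r "$1" ] && grep -q '^CONFIG_FANOTIFY=y$' "$1"
}

# free_kb PATH: available kilobytes on the file system that holds PATH.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# preflight KERNEL CONFIG PATH: prints each failed check, returns non-zero on any FAIL.
preflight() {
    kernel=$1 config=$2 path=$3 rc=0
    version_ge "$kernel" "$MIN_KERNEL" || { echo "FAIL: kernel $kernel is below $MIN_KERNEL"; rc=1; }
    version_ge "$kernel" "$RHEL7_SAFE_KERNEL" ||
        echo "WARN: kernel below $RHEL7_SAFE_KERNEL; CentOS/RHEL/Oracle Linux 7.0 or 7.1 should upgrade to 7.2 or newer"
    fanotify_enabled "$config" || { echo "FAIL: CONFIG_FANOTIFY=y not found in $config"; rc=1; }
    [ "$(free_kb "$path")" -ge "$MIN_DISK_KB" ] || { echo "FAIL: less than 650 MB free on $path"; rc=1; }
    return $rc
}

# Assumptions: the kernel config is at /boot/config-<release>; "/" stands in for the install volume.
preflight "$(uname -r)" "/boot/config-$(uname -r)" / && echo "All checks passed" || echo "Resolve the items above first"
```
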
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an allow rule specifically for them.
|Service location|DNS record|
|---|---|
|Common URLs for all locations|x.cp.wd.microsoft.com|
For a more specific URL list, see Configure proxy and internet connectivity settings
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Transparent proxy
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted to the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in Manual Static Proxy Configuration.
For troubleshooting steps, see the Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux page.
How to update Microsoft Defender ATP for Linux
Microsoft regularly publishes software updates to improve performance and security and to deliver new features. To update Microsoft Defender ATP for Linux, refer to Deploy updates for Microsoft Defender ATP for Linux.
How to configure Microsoft Defender ATP for Linux
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Linux.
- For more information about logging, uninstalling, or other topics, see the Resources page.