What do you think is most unlikely? Dogs and cats living together in peace or Microsoft launching a security program for Linux? Actually, both are true. On June 23, Microsoft released Microsoft Defender Advanced Threat Protection (ATP) for Linux for general use.
But before you get excited: while you could install this on a Linux desktop, this version of ATP is not designed for the desktop. It is meant to protect Linux servers from network and server threats. If you want protection for a standalone desktop, you are better off with ClamAV or Sophos Antivirus for Linux.
For system administrators and security professionals, the Microsoft Defender Security Center is now available to monitor and manage security across the spectrum of desktop and server business platforms: Android, Windows, Windows Server, macOS, and Linux.
The goal of this new program, according to Moti Gindi, Microsoft’s corporate vice president of Threat Protection, is “to protect the modern work environment in everything it is, whether it is Microsoft or not Microsoft. We are protecting endpoints on Mac and today we are expanding this endpoint protection to Linux and iOS and Android.”
This program is now available for Red Hat Enterprise Linux (RHEL) 7 or higher; CentOS Linux 7 or newer; Ubuntu 16.04 or higher LTS versions; SUSE Linux Enterprise Server (SLES) 12 or higher; Debian 9 or newer; and Oracle Enterprise Linux 7.2.
On these servers, you use the shell to start, configure, and manage the Defender agent. Once it is running, you can start scans and manage threats locally or remotely. You can also deploy and configure it with the DevOps tools Puppet or Ansible, or manually with Bash commands.
You can also use the ATP client’s shell interface to initiate scans and manage threats. Once the agents are configured, however, you would generally monitor your servers from the Microsoft Defender Security Center.
Once installed, ATP reports the following information to the Microsoft Defender Security Center console:
Antivirus alert information:
- Scan type
- Device information (see below for more details)
- File information (name, path, size, and hash)
- Threat information (name, type, and status)
Device information:
- Machine identifier
- Tenant identifier
- Application version
- Operating system type
- Operating system version
- Computer model
- Processor architecture
- Whether the device is a virtual machine
Although it has been in beta since February, Microsoft is well aware that this is a version 1.0 release. Helen Allas, Senior Program Manager at Microsoft, wrote:
We are just at the beginning of our Linux journey and we will not stop here! We are committed to the continued expansion of our Linux capabilities and will bring you improvements in the coming months. We can’t wait for you to become part of our Linux journey and test new capabilities as they become available. Be sure to enable preview features in the Microsoft Defender Security Center to get the latest updates before anyone else, and keep an eye on our blog and Twitter channel for the latest announcements.
To use Microsoft Defender ATP for Linux, you will need a Microsoft Defender ATP Server license. If you don’t have one, you can sign up for a free trial of Microsoft Defender ATP.
Start with the Microsoft Defender ATP for Linux documentation. Finally, if you are already running the beta version of Microsoft Defender ATP for Linux, you must upgrade the agent to version 101.00.75 or higher.
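The article says the agent is started, configured and checked from the shell, and that beta installs must be on agent version 101.00.75 or higher. As an added example (not from the article, and not Microsoft's own tooling), the POSIX shell script below shows the kind of readiness check an administrator could run on each server before trusting that it is protected: it parses the agent's self-reported health, verifies the minimum version from the article, and checks that real-time protection is on. It assumes the agent ships an `mdatp` command whose `mdatp health` subcommand prints `key : value` lines with keys named `healthy`, `app_version` and `real_time_protection_enabled`; those names and the output layout are assumptions to verify against your own installation, and the sample report embedded in the script is constructed for demonstration.

```shell
#!/bin/sh
# Hypothetical readiness check for the Defender for Linux agent.
# The key names below (healthy, app_version, real_time_protection_enabled)
# and the "key : value" layout are assumed from `mdatp health` and must be
# verified against the output of the agent actually installed on the host.

MIN_VERSION="101.00.75"   # minimum agent version given in the article

# health_field KEY  (reads a health report on stdin)
# Prints the value of KEY with surrounding quotes stripped, or nothing.
health_field() {
    awk -v key="$1" -F' *: *' '$1 == key { gsub(/"/, "", $2); print $2 }'
}

# version_ge A B : succeeds if dotted version A >= B, comparing each
# component numerically ("00" and "0" are equal, so awk does the math).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        last = (n > m) ? n : m
        for (i = 1; i <= last; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# check_health  (reads a health report on stdin)
# Prints one FAIL line per problem and returns 1, or prints OK and returns 0.
check_health() {
    report=$(cat)
    ok=0
    ver=$(printf '%s\n' "$report" | health_field app_version)
    healthy=$(printf '%s\n' "$report" | health_field healthy)
    rtp=$(printf '%s\n' "$report" | health_field real_time_protection_enabled)

    if [ -z "$ver" ]; then
        echo "FAIL: report carries no app_version"; ok=1
    elif ! version_ge "$ver" "$MIN_VERSION"; then
        echo "FAIL: agent $ver is older than required $MIN_VERSION"; ok=1
    fi
    [ "$healthy" = "true" ] || { echo "FAIL: agent reports healthy=${healthy:-missing}"; ok=1; }
    [ "$rtp" = "true" ] || { echo "FAIL: real-time protection is ${rtp:-missing}"; ok=1; }

    [ "$ok" -eq 0 ] && echo "OK: agent $ver, healthy, real-time protection on"
    return "$ok"
}

# Constructed sample report, shaped like the assumed `mdatp health` output.
SAMPLE='healthy                                     : true
licensed                                    : true
app_version                                 : "101.00.75"
real_time_protection_enabled                : true
definitions_status                          : "up_to_date"'

# Demonstration on the constructed sample. On a real server you would pipe
# the live report instead:   mdatp health | check_health
printf '%s\n' "$SAMPLE" | check_health
```

The exit status is the useful part: a configuration-management run (Puppet, Ansible, or a plain SSH loop) can call `mdatp health | check_health` on every host and flag the ones that still run a pre-101.00.75 beta agent or have real-time protection switched off, rather than assuming the rollout succeeded.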