Microsoft Defender ATP for Linux is coming! …And a sneak peek into what’s next

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

The Microsoft Defender ATP team is thrilled to announce public preview of Microsoft Defender ATP for Linux and a sneak peek into our mobile threat defense capabilities for Android and iOS!

 

If you’re coming to RSA Conference 2020 in San Francisco this year, please come by the Microsoft Booth (#N6059) in the North Hall of the expo floor to learn more and see a demo! We will also be delivering a theater session in the booth on Wednesday, February 26, at 12pm. In that session you can learn more about the latest announcements.

 

Ten months ago, when we first announced our plans for macOS, we made a promise of building security solutions not only for Microsoft, but from Microsoft. Many of our customers have time and again shared with us their difficulties in managing multiple security solutions to protect their unique range of platforms and products against multiple attack vectors. Their challenging reality of having to protect and manage heterogeneous environments resonated with us. We heard feedback loud and clear that our customers are looking for complete cross-platform coverage from a single security vendor on an integrated platform.

 

Over the last year, we released preventive and EDR capabilities for macOS. Our macOS investments have been met with positive feedback from customers and a desire to learn more about our cross-platform roadmap. We’re extremely proud to share with you our Linux news and to give you a glimpse into where we’re going next.

 

 

Microsoft Defender ATP for Linux public preview!

 

Microsoft Defender ATP for Linux public preview is opening in the next few days! In our initial release, we will offer preventive capabilities for Linux servers. This will include a full command line experience to configure and manage the agent, initiate scans, and manage threats.

 

[Screenshot: Help menu]

 

In the Microsoft Defender Security Center, basic machine and alert information will be surfaced.

 

[Screenshot: Alert page]

 

Information in the Microsoft Defender Security Center will include:

 

Antivirus alert information:

  • Severity
  • Scan type
  • Device information (see below for details)
  • File information (name, path, size, and hash)
  • Threat information (name, type, and state)

Device information:

  • Machine identifier
  • Tenant identifier
  • App version
  • Hostname
  • OS type
  • OS version
  • Computer model
  • Processor architecture
  • Whether the device is a virtual machine

 

Microsoft Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or your existing Linux configuration management tool.

 

Based on customer input, we support recent versions of the six most common Linux Server distributions: RHEL 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle EL 7.

 

Just as with our journey on macOS, we will be lighting up Linux EDR capabilities in the coming months – stay tuned!

 

 

Getting started with Microsoft Defender ATP for Linux

 

To learn more about our Linux capabilities, visit our documentation: http://aka.ms/mdatplinuxonboarding

 

In a few days, these capabilities will be available for public preview. If you have preview features turned on, you will get access to the Microsoft Defender ATP for Linux onboarding page immediately after our public preview announcement. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender Security Center today. With our continuous cross-platform investments, we strive to help our customers further streamline their approach to endpoint security.

 

We welcome your feedback and are looking forward to hearing it!

To send us feedback, click on the ‘send a smile/frown’ icon on the top right corner of the security center:

 

[Screenshot: Feedback button in portal]

 

 

What’s next

 

As mentioned, we’re on a journey. We are committed to delivering security across a range of platforms beyond Windows. Today, more business is getting done on mobile devices as the lines blur between work and personal life. The threats here are unique. For example, one of the biggest and fastest growing threats on mobile is phishing, and a majority of these attacks happen outside of email, such as via phishing sites, messaging apps, games, and other applications. Other common mobile risks exist with Android, where users are more susceptible to risks from malicious apps. And finally, jailbroken and rooted devices introduce increased risk by allowing unnecessary escalated privileges and the installation of unauthorized applications.

 

In this rapidly evolving world of mobile threats, Microsoft is taking a holistic approach to tackling these challenges and to securing enterprises and their data.

 

At the RSA Conference, we will show you a sneak peek into our investments in mobile threat defense for Android and iOS. We’ll share our plans to protect our customers from common mobile risk vectors with the same management and single pane of glass experience they currently get with Microsoft Defender ATP for Windows and macOS. More details about our mobile capabilities will be released over the coming months in 2020 as we work to make this a reality.

 

 

 

If you’re not yet taking advantage of Microsoft’s industry-leading security optics and detection capabilities for endpoints, sign up for a free trial of Microsoft Defender ATP today.

 

 

Helen Allas

Microsoft Defender ATP team

 
