Windows Defender for Ubuntu

It is no secret that we work heavily in a Microsoft Windows environment and our corporate network teams like to use Microsoft tools to manage systems.

Windows Defender is quickly replacing third-party anti-virus and anti-malware tools. This is great: what better AV than the one made by the same people who made the OS?

Now all of our Windows computers are monitored and connected to the corporate Windows Defender servers.

But what do we do about the Linux-based systems we have in our TV stations? Well, Microsoft has you covered too. At my TV station I use Ubuntu, since it has a large user base and you can easily find support for it. Since your IT team is going to be asking you to install Windows Defender on your Linux systems, I will go over the steps here for doing it on Ubuntu.

I am going to be installing Microsoft Defender for Endpoint onto an Ubuntu 22.04 machine.

Prerequisites

  • Download the Linux onboarding script (get this from your IT team)
  • Ability to run commands with sudo

Install the following packages onto the machine

sudo apt-get update
sudo apt-get install curl
sudo apt-get install libplist-utils
sudo apt-get install apt-transport-https
sudo apt-get install gpg
sudo apt-get install ntp

Configure your local timezone by following the prompts

sudo dpkg-reconfigure tzdata

Configure Ubuntu to use the Microsoft Repository Source

https://packages.microsoft.com/config/ubuntu/22.04/prod.list
https://packages.microsoft.com/config/ubuntu/21.10/prod.list
https://packages.microsoft.com/config/ubuntu/21.04/prod.list

Find out other available versions here:
https://packages.microsoft.com/config/ubuntu/

curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/22.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list

Install the Microsoft package-signing GPG key (APT uses it to verify the packages from the repository you just added)

curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/

Install the Microsoft Defender for Endpoint Linux Agent

In the previous steps you added a custom Microsoft repository source. You now need to re-run the following command so that your Ubuntu machine knows about the newly available packages.

sudo apt-get update

Now install the MDATP client by running

sudo apt-get install mdatp

Activate Microsoft Defender for Endpoint Linux Agent

In a previous step you downloaded the Linux onboarding package “MicrosoftDefenderATPOnBoarding.zip” from your https://security.microsoft.com console.

Unzip and copy over the file MicrosoftDefenderATPOnboardingLinuxServer.py to your preferred location.

Run the script to activate Microsoft Defender for Endpoint Linux Agent

sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Test Microsoft Defender for Endpoint Linux Agent

mdatp connectivity test
mdatp definitions update
mdatp health
sudo reboot now

Great job! The agent should now start uploading telemetry to your console.
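As an added example (not from the original post), the POSIX shell helpers below pick the Microsoft repository list for the detected Ubuntu release instead of hard-coding 22.04, and check a `mdatp health` report for both "healthy" and "licensed" before you call the onboarding done. The function names are my own, and the sample report in the usage comment is constructed to match the key : value layout that `mdatp health` prints.

```sh
#!/bin/sh
# Added example, not part of the original post: helpers that
# (1) choose the prod.list for the running Ubuntu release, and
# (2) refuse to call the install done unless the agent reports
#     healthy and licensed.

# Map an Ubuntu VERSION_ID to its prod.list URL on packages.microsoft.com.
# Only the releases listed in the post are accepted; anything else returns 1
# so the caller does not silently install from the wrong list.
mdatp_repo_url() {
    case "$1" in
        22.04|21.10|21.04)
            printf 'https://packages.microsoft.com/config/ubuntu/%s/prod.list\n' "$1" ;;
        *)
            return 1 ;;
    esac
}

# Extract VERSION_ID from an os-release file (default: /etc/os-release).
# Handles both VERSION_ID="22.04" and VERSION_ID=22.04.
ubuntu_version_id() {
    sed -n 's/^VERSION_ID="\{0,1\}\([0-9.][0-9.]*\)"\{0,1\}$/\1/p' "${1:-/etc/os-release}"
}

# Read a `mdatp health` report on stdin; return 0 only if it reports
# "healthy : true" and "licensed : true" (whitespace around ':' is ignored).
mdatp_is_healthy() {
    report=$(cat)
    printf '%s\n' "$report" | grep -q '^healthy *: *true' || return 1
    printf '%s\n' "$report" | grep -q '^licensed *: *true' || return 1
}

# Usage on a real machine (needs the mdatp package and sudo):
#   url=$(mdatp_repo_url "$(ubuntu_version_id)") || { echo "unsupported Ubuntu release"; exit 1; }
#   curl -fsSL -o microsoft.list "$url"
#   ... continue with the steps in the post, then after onboarding:
#   mdatp health | mdatp_is_healthy || echo "agent not healthy yet; inspect mdatp health"
# A constructed report that passes the check looks like:
#   healthy                                     : true
#   licensed                                    : true
```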
