It is no secret that we work heavily in a Microsoft Windows environment, and our corporate network teams like to use Microsoft tools to manage systems.
Windows Defender is quickly replacing third-party anti-virus and anti-malware tools. This is great: what better AV than one made by the same people who made the OS?
Now all of our Windows computers are monitored by, and connected to, the corporate Windows Defender servers.
But what do we do about the Linux-based systems in our TV stations? Microsoft has you covered there too. At my TV station I use Ubuntu, since it has a large user base and support is easy to find. Since your IT team is going to ask you to install Defender on your Linux systems, I will go over the steps for doing it on Ubuntu.
I am going to be installing Microsoft Defender for Endpoint onto an Ubuntu 22.04 machine.
Prerequisites
- Download the Linux onboarding script (get this from your IT team)
- Ability to elevate to root with sudo
Install the following packages onto the machine:
sudo apt-get update
sudo apt-get install curl
sudo apt-get install libplist-utils
sudo apt-get install apt-transport-https
sudo apt-get install gpg
sudo apt-get install ntp
Configure your local timezone by following the prompts:
sudo dpkg-reconfigure tzdata
Configure Ubuntu to use the Microsoft repository source. Pick the repository list file that matches your Ubuntu release (22.04 is used below):
https://packages.microsoft.com/config/ubuntu/22.04/prod.list
https://packages.microsoft.com/config/ubuntu/21.10/prod.list
https://packages.microsoft.com/config/ubuntu/21.04/prod.list
Other available versions are listed here:
https://packages.microsoft.com/config/ubuntu/
curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/22.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
Install the Microsoft package signing GPG key. apt uses this key to verify the signatures on packages from the repository you just added, so nothing unsigned gets installed from it.
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/
Install the Microsoft Defender for Endpoint Linux Agent
In previous steps you added a custom Microsoft repository source. You now need to re-run the following command so your Ubuntu machine is aware of the newly available packages:
sudo apt-get update
Now install the MDATP client by running:
sudo apt-get install mdatp
Activate Microsoft Defender for Endpoint Linux Agent
In a previous step you downloaded the Linux onboarding package, “MicrosoftDefenderATPOnBoarding.zip”, from your https://security.microsoft.com console.
Unzip it and copy the file MicrosoftDefenderATPOnboardingLinuxServer.py to your preferred location.
Run the script to activate the Microsoft Defender for Endpoint Linux agent. It writes the onboarding configuration under /etc/opt/microsoft/mdatp, so it needs to run as root:
sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py
Test Microsoft Defender for Endpoint Linux Agent
mdatp connectivity test
mdatp definitions update
mdatp health
sudo reboot
Great job! The agent should now start uploading telemetry to your console.
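As an added example that is not part of the original post, here is a small POSIX shell script for checking the agent after onboarding. It assumes the plain `key : value` lines that `mdatp health` prints and includes a constructed sample report, so it can be run without the agent installed to see what a pass and a fail look like.

```shell
#!/bin/sh
# Post-onboarding check for Microsoft Defender for Endpoint on Ubuntu.
# Parses the "key : value" report from `mdatp health` and fails if the agent
# is unhealthy, unlicensed (onboarding script not run), has real-time
# protection off, or has stale definitions.

# Print the value of one field from a health report read on stdin.
# Surrounding quotes are stripped; only the first token of the value is kept.
mdatp_field() {  # $1 = field name
    awk -v k="$1" '$1 == k && $2 == ":" { v = $3; gsub(/^"|"$/, "", v); print v; exit }'
}

# Evaluate a health report read on stdin. Prints each failing check and
# returns 1 if any check fails, 0 otherwise.
mdatp_check() {
    report=$(cat)
    rc=0
    field() { printf '%s\n' "$report" | mdatp_field "$1"; }
    [ "$(field healthy)" = "true" ] || { echo "FAIL: agent reports unhealthy"; rc=1; }
    [ "$(field licensed)" = "true" ] || { echo "FAIL: not licensed; was the onboarding script run?"; rc=1; }
    [ "$(field real_time_protection_enabled)" = "true" ] || { echo "FAIL: real-time protection is off"; rc=1; }
    [ "$(field definitions_status)" = "up_to_date" ] || { echo "FAIL: definitions stale; run 'mdatp definitions update'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: agent healthy, licensed, protecting in real time, definitions current"
    return $rc
}

# Constructed sample reports (not real agent output) in the mdatp health format.
SAMPLE_HEALTHY='healthy : true
licensed : true
real_time_protection_enabled : true
definitions_status : "up_to_date"'
SAMPLE_BROKEN='healthy : false
licensed : false
real_time_protection_enabled : true
definitions_status : "unknown"'

# Against a live machine, feed the real report to the checker.
if command -v mdatp >/dev/null 2>&1; then
    mdatp health | mdatp_check
fi
```

Run it after the reboot; a non-zero exit status tells you which of the steps above still needs attention.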