deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #3203 from MicrosoftDocs/master

Browse Source 
OOB Publish 6/30/2020 5:15 PM PST
This commit is contained in:
Thomas Raya 2020-06-30 17:31:44 -07:00 committed by GitHub
commit 041a354043
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.openpublishing.redirection.json
View File

Binary file not shown.

2
windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
View File

@ -58,7 +58,7 @@ There are five locations where you can specify where an endpoint should obtain u
To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads.
> [!IMPORTANT]
> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services).
> If you have set [Microsoft Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is seven consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services).
> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).<p>
> Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).

88
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
View File

@ -35,14 +35,15 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Ansibl
Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Please refer to the [Ansible documentation](https://docs.ansible.com/) for details.
- Ansible needs to be installed on at least on one computer (we will call it the master).
- SSH must be configured for an administrator account between the master and all clients, and it is recommended be configured with public key authentication.
- The following software must be installed on all clients:
- curl
- python-apt
- unzip
- All hosts must be listed in the following format in the `/etc/ansible/hosts` file:
- All hosts must be listed in the following format in the `/etc/ansible/hosts` or relevant file:
```bash
[servers]
@ -79,55 +80,32 @@ Download the onboarding package from Microsoft Defender Security Center:
## Create Ansible YAML files
Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory:
Create a subtask or role files that contribute to an playbook or task.
- Copy the onboarding package to all client devices:
- Create the onboarding task, `onboarding_setup.yml`:
```bash
- name: Copy the zip file
copy:
src: /root/WindowsDefenderATPOnboardingPackage.zip
dest: /root/WindowsDefenderATPOnboardingPackage.zip
owner: root
group: root
mode: '0644'
- name: Create MDATP directories
file:
path: /etc/opt/microsoft/mdatp/
recurse: true
state: directory
mode: 0755
owner: root
group: root
- name: Add Microsoft apt signing key
apt_key:
url: https://packages.microsoft.com/keys/microsoft.asc
state: present
when: ansible_os_family == "Debian"
```
- Create the `setup.sh` script that operates on the onboarding file, in this example located in the `/root` directory:
```bash
#!/bin/bash
# We assume WindowsDefenderATPOnboardingPackage.zip is stored in /root
cd /root || exit 1
# Unzip the archive and create the onboarding file
mkdir -p /etc/opt/microsoft/mdatp/
unzip WindowsDefenderATPOnboardingPackage.zip
cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json
```
- Create the onboarding task, `onboarding_setup.yml`, under the `/etc/ansible/roles` directory:
```bash
- name: Register mdatp_onboard.json
stat: path=/etc/opt/microsoft/mdatp/mdatp_onboard.json
stat:
path: /etc/opt/microsoft/mdatp/mdatp_onboard.json
register: mdatp_onboard
- name: Copy the setup script file
copy:
src: /root/setup.sh
dest: /root/setup.sh
owner: root
group: root
mode: '0744'
- name: Run a script to create the onboarding file
script: /root/setup.sh
- name: Extract WindowsDefenderATPOnboardingPackage.zip into /etc/opt/microsoft/mdatp
unarchive:
src: WindowsDefenderATPOnboardingPackage.zip
dest: /etc/opt/microsoft/mdatp
mode: 0600
owner: root
group: root
when: not mdatp_onboard.stat.exists
```
@ -150,6 +128,12 @@ Create subtask or role files that contribute to an actual task. First create the
> In case of Oracle Linux, replace *[distro]* with “rhel”.
```bash
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft apt repository for MDATP
apt_repository:
repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
@ -158,12 +142,6 @@ Create subtask or role files that contribute to an actual task. First create the
filename: microsoft-[channel].list
when: ansible_os_family == "Debian"
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft yum repository for MDATP
yum_repository:
name: packages-microsoft-com-prod-[channel]
@ -175,7 +153,7 @@ Create subtask or role files that contribute to an actual task. First create the
when: ansible_os_family == "RedHat"
```
- Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`.
- Create the Ansible install and uninstall YAML files.
- For apt-based distributions use the following YAML file:
@ -183,8 +161,7 @@ Create subtask or role files that contribute to an actual task. First create the
$ cat install_mdatp.yml
- hosts: servers
tasks:
- include: ../roles/download_copy_blob.yml
- include: ../roles/setup_blob.yml
- include: ../roles/onboarding_setup.yml
- include: ../roles/add_apt_repo.yml
- apt:
name: mdatp
@ -207,8 +184,7 @@ Create subtask or role files that contribute to an actual task. First create the
$ cat install_mdatp_yum.yml
- hosts: servers
tasks:
- include: ../roles/download_copy_blob.yml
- include: ../roles/setup_blob.yml
- include: ../roles/onboarding_setup.yml
- include: ../roles/add_yum_repo.yml
- yum:
name: mdatp
@ -227,7 +203,7 @@ Create subtask or role files that contribute to an actual task. First create the
## Deployment
Now run the tasks files under `/etc/ansible/playbooks/`.
Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory.
- Installation:

8
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft Defender ATP for Linux
ms.reviewer:
ms.reviewer:
description: Describes how to install and use Microsoft Defender ATP for Linux.
keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
search.product: eADQiWindows 10XVcnh
@ -14,7 +14,7 @@ author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: conceptual
---
@ -39,7 +39,7 @@ There are several methods and deployment tools that you can use to install and c
In general you need to take the following steps:
- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the Microsoft Defender ATP portal.
- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md).
- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods:
- The command-line tool:
- [Manual deployment](linux-install-manually.md)
@ -51,7 +51,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
### System requirements
- Supported Linux server distributions and versions:
- Supported Linux server distributions and versions:
- Red Hat Enterprise Linux 7.2 or higher
- CentOS 7.2 or higher