diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ef2e397e5b..52940ae69f 100644 Binary files a/.openpublishing.redirection.json and b/.openpublishing.redirection.json differ diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index b71b5b24ba..58e3fd0a6f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -58,7 +58,7 @@ There are five locations where you can specify where an endpoint should obtain u To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. > [!IMPORTANT] -> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). +> If you have set [Microsoft Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is seven consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). > You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).

> Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 378fbbc6a0..709b03a5e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -35,14 +35,15 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Ansibl Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version. +In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Please refer to the [Ansible documentation](https://docs.ansible.com/) for details. + - Ansible needs to be installed on at least on one computer (we will call it the master). - SSH must be configured for an administrator account between the master and all clients, and it is recommended be configured with public key authentication. - The following software must be installed on all clients: - curl - python-apt - - unzip -- All hosts must be listed in the following format in the `/etc/ansible/hosts` file: +- All hosts must be listed in the following format in the `/etc/ansible/hosts` or relevant file: ```bash [servers] @@ -79,55 +80,32 @@ Download the onboarding package from Microsoft Defender Security Center: ## Create Ansible YAML files -Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory: +Create a subtask or role files that contribute to an playbook or task. -- Copy the onboarding package to all client devices: +- Create the onboarding task, `onboarding_setup.yml`: ```bash - - name: Copy the zip file - copy: - src: /root/WindowsDefenderATPOnboardingPackage.zip - dest: /root/WindowsDefenderATPOnboardingPackage.zip - owner: root - group: root - mode: '0644' + - name: Create MDATP directories + file: + path: /etc/opt/microsoft/mdatp/ + recurse: true + state: directory + mode: 0755 + owner: root + group: root - - name: Add Microsoft apt signing key - apt_key: - url: https://packages.microsoft.com/keys/microsoft.asc - state: present - when: ansible_os_family == "Debian" - ``` - -- Create the `setup.sh` script that operates on the onboarding file, in this example located in the `/root` directory: - - ```bash - #!/bin/bash - # We assume WindowsDefenderATPOnboardingPackage.zip is stored in /root - cd /root || exit 1 - # Unzip the archive and create the onboarding file - mkdir -p /etc/opt/microsoft/mdatp/ - unzip WindowsDefenderATPOnboardingPackage.zip - cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json - ``` - -- Create the onboarding task, `onboarding_setup.yml`, under the `/etc/ansible/roles` directory: - - ```bash - name: Register mdatp_onboard.json - stat: path=/etc/opt/microsoft/mdatp/mdatp_onboard.json + stat: + path: /etc/opt/microsoft/mdatp/mdatp_onboard.json register: mdatp_onboard - - name: Copy the setup script file - copy: - src: /root/setup.sh - dest: /root/setup.sh - owner: root - group: root - mode: '0744' - - - name: Run a script to create the onboarding file - script: /root/setup.sh + - name: Extract WindowsDefenderATPOnboardingPackage.zip into /etc/opt/microsoft/mdatp + unarchive: + src: WindowsDefenderATPOnboardingPackage.zip + dest: /etc/opt/microsoft/mdatp + mode: 0600 + owner: root + group: root when: not mdatp_onboard.stat.exists ``` @@ -150,6 +128,12 @@ Create subtask or role files that contribute to an actual task. First create the > In case of Oracle Linux, replace *[distro]* with “rhel”. ```bash + - name: Add Microsoft APT key + apt_key: + keyserver: https://packages.microsoft.com/ + id: BC528686B50D79E339D3721CEB3E94ADBE1229CF + when: ansible_os_family == "Debian" + - name: Add Microsoft apt repository for MDATP apt_repository: repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main @@ -158,12 +142,6 @@ Create subtask or role files that contribute to an actual task. First create the filename: microsoft-[channel].list when: ansible_os_family == "Debian" - - name: Add Microsoft APT key - apt_key: - keyserver: https://packages.microsoft.com/ - id: BC528686B50D79E339D3721CEB3E94ADBE1229CF - when: ansible_os_family == "Debian" - - name: Add Microsoft yum repository for MDATP yum_repository: name: packages-microsoft-com-prod-[channel] @@ -175,7 +153,7 @@ Create subtask or role files that contribute to an actual task. First create the when: ansible_os_family == "RedHat" ``` -- Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`. +- Create the Ansible install and uninstall YAML files. - For apt-based distributions use the following YAML file: @@ -183,8 +161,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_apt_repo.yml - apt: name: mdatp @@ -207,8 +184,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp_yum.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_yum_repo.yml - yum: name: mdatp @@ -227,7 +203,7 @@ Create subtask or role files that contribute to an actual task. First create the ## Deployment -Now run the tasks files under `/etc/ansible/playbooks/`. +Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. - Installation: diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 385bdbecbb..425c0389da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender ATP for Linux -ms.reviewer: +ms.reviewer: description: Describes how to install and use Microsoft Defender ATP for Linux. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos search.product: eADQiWindows 10XVcnh @@ -14,7 +14,7 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual --- @@ -39,7 +39,7 @@ There are several methods and deployment tools that you can use to install and c In general you need to take the following steps: -- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the Microsoft Defender ATP portal. +- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md). - Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: - The command-line tool: - [Manual deployment](linux-install-manually.md) @@ -51,7 +51,7 @@ If you experience any installation failures, refer to [Troubleshooting installat ### System requirements -- Supported Linux server distributions and versions: +- Supported Linux server distributions and versions: - Red Hat Enterprise Linux 7.2 or higher - CentOS 7.2 or higher