From b74884d29e1e3f0f8881beb6c6d2667176b1e6d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 30 Jun 2020 11:50:30 +0200 Subject: [PATCH 1/3] link to the Microsoft Defender ATP portal, and reformat Ansible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- .../linux-install-with-ansible.md | 88 +++++++------------ .../microsoft-defender-atp-linux.md | 8 +- 2 files changed, 36 insertions(+), 60 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 378fbbc6a0..709b03a5e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md 
@@ -35,14 +35,15 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Ansibl Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version. +In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Please refer to the [Ansible documentation](https://docs.ansible.com/) for details. + - Ansible needs to be installed on at least on one computer (we will call it the master). - SSH must be configured for an administrator account between the master and all clients, and it is recommended be configured with public key authentication. - The following software must be installed on all clients: - curl - python-apt - - unzip -- All hosts must be listed in the following format in the `/etc/ansible/hosts` file: +- All hosts must be listed in the following format in the `/etc/ansible/hosts` or relevant file: ```bash [servers] 
@@ -79,55 +80,32 @@ Download the onboarding package from Microsoft Defender Security Center: ## Create Ansible YAML files -Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory: +Create a subtask or role files that contribute to an playbook or task. -- Copy the onboarding package to all client devices: +- Create the onboarding task, `onboarding_setup.yml`: ```bash - - name: Copy the zip file - copy: - src: /root/WindowsDefenderATPOnboardingPackage.zip - dest: /root/WindowsDefenderATPOnboardingPackage.zip - owner: root - group: root - mode: '0644' + - name: Create MDATP directories + file: + path: /etc/opt/microsoft/mdatp/ + recurse: true + state: directory + mode: 0755 + owner: root + group: root - - name: Add Microsoft apt signing key - apt_key: - url: https://packages.microsoft.com/keys/microsoft.asc - state: present - when: ansible_os_family == "Debian" - ``` - -- Create the `setup.sh` script that operates on the onboarding file, in this example located in the `/root` directory: - - ```bash - #!/bin/bash - # We assume WindowsDefenderATPOnboardingPackage.zip is stored in /root - cd /root || exit 1 - # Unzip the archive and create the onboarding file - mkdir -p /etc/opt/microsoft/mdatp/ - unzip WindowsDefenderATPOnboardingPackage.zip - cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json - ``` - -- Create the onboarding task, `onboarding_setup.yml`, under the `/etc/ansible/roles` directory: - - ```bash - name: Register mdatp_onboard.json - stat: path=/etc/opt/microsoft/mdatp/mdatp_onboard.json + stat: + path: /etc/opt/microsoft/mdatp/mdatp_onboard.json register: mdatp_onboard - - name: Copy the setup script file - copy: - src: /root/setup.sh - dest: /root/setup.sh - owner: root - group: root - mode: '0744' - - - name: Run a script to create the onboarding file - script: /root/setup.sh + - name: Extract WindowsDefenderATPOnboardingPackage.zip into 
/etc/opt/microsoft/mdatp + unarchive: + src: WindowsDefenderATPOnboardingPackage.zip + dest: /etc/opt/microsoft/mdatp + mode: 0600 + owner: root + group: root when: not mdatp_onboard.stat.exists ``` @@ -150,6 +128,12 @@ Create subtask or role files that contribute to an actual task. First create the > In case of Oracle Linux, replace *[distro]* with “rhel”. ```bash + - name: Add Microsoft APT key + apt_key: + keyserver: https://packages.microsoft.com/ + id: BC528686B50D79E339D3721CEB3E94ADBE1229CF + when: ansible_os_family == "Debian" + - name: Add Microsoft apt repository for MDATP apt_repository: repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main @@ -158,12 +142,6 @@ Create subtask or role files that contribute to an actual task. First create the filename: microsoft-[channel].list when: ansible_os_family == "Debian" - - name: Add Microsoft APT key - apt_key: - keyserver: https://packages.microsoft.com/ - id: BC528686B50D79E339D3721CEB3E94ADBE1229CF - when: ansible_os_family == "Debian" - - name: Add Microsoft yum repository for MDATP yum_repository: name: packages-microsoft-com-prod-[channel] @@ -175,7 +153,7 @@ Create subtask or role files that contribute to an actual task. First create the when: ansible_os_family == "RedHat" ``` -- Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`. +- Create the Ansible install and uninstall YAML files. - For apt-based distributions use the following YAML file: @@ -183,8 +161,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_apt_repo.yml - apt: name: mdatp 
@@ -207,8 +184,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp_yum.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_yum_repo.yml - yum: name: mdatp @@ -227,7 +203,7 @@ Create subtask or role files that contribute to an actual task. First create the ## Deployment -Now run the tasks files under `/etc/ansible/playbooks/`. +Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. - Installation: diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 385bdbecbb..425c0389da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender ATP for Linux -ms.reviewer: +ms.reviewer: description: Describes how to install and use Microsoft Defender ATP for Linux. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos search.product: eADQiWindows 10XVcnh @@ -14,7 +14,7 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual --- 
@@ -39,7 +39,7 @@ There are several methods and deployment tools that you can use to install and c In general you need to take the following steps: -- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the Microsoft Defender ATP portal. +- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md). - Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: - The command-line tool: - [Manual deployment](linux-install-manually.md) @@ -51,7 +51,7 @@ If you experience any installation failures, refer to [Troubleshooting installat ### System requirements -- Supported Linux server distributions and versions: +- Supported Linux server distributions and versions: - Red Hat Enterprise Linux 7.2 or higher - CentOS 7.2 or higher From b6ac3ab661306f7b573727b0b7f7e86b4a9edc7c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 30 Jun 2020 15:53:37 -0700 Subject: [PATCH 2/3] Update manage-protection-updates-microsoft-defender-antivirus.md changed MMPC name and default time --- .../manage-protection-updates-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index b71b5b24ba..58e3fd0a6f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md 
@@ -58,7 +58,7 @@ There are five locations where you can specify where an endpoint should obtain u To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. > [!IMPORTANT] -> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). +> If you have set [Microsoft Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is seven consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). > You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).

> Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). From 321e5bf7cf81946a44bd8c94b2c474bb84167423 Mon Sep 17 00:00:00 2001 From: Thomas Date: Tue, 30 Jun 2020 16:57:32 -0700 Subject: [PATCH 3/3] Update .openpublishing.redirection.json remove "." in a redirect_url value --- .openpublishing.redirection.json | Bin 2576186 -> 2576184 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ef2e397e5bfec17fd1858d9f948e661a6c8c7c31..52940ae69fce7589fd101c762f38412b41d0bf16 100644 GIT binary patch delta 126 zcmdlrZ!Y5wAZ}=3Y+-6)ZeeL*ZDDI+Z{cX+Y~gC*ZsBR+ZQ*O-ZxLt_Y!PY^ZV_n_ zZ4qk`Z;@z`Y>{e_Zjot`ZINq{Z&7GbY*A`aZc%Ab-J*8q=5~W?YBw0S3q(u&Vw(Qp bi(1a~2@lldw&!@VaWRAW+c!K?>&gKDvfD2R delta 281 zcmdlnZ!Y65AZ}=3Y+-6)ZeeL*ZDDI+Z{cX+Y~gC*ZsBR+ZQ*O-ZxLt_Y!PY^ZV_n_ zZ4qk`Z;@z`Y>{e_Zjot`ZINq{Z&7GbY*A`aZc%Ab-J*8qCZpc=jhw1G8K*lqu_
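Review bot: in PATCH 1/3, `linux-install-with-ansible.md`, hunk `@@ -35,14 +35,15 @@`, dropping `- unzip` from the client software list conflicts with the new onboarding task in the next hunk, which uses the `unarchive` module on a `.zip` archive; `unarchive` needs an unzip binary on the target host for zip files, so keep `- unzip` in that list. The added paragraph itself reads fine; since the hunk already touches this list, the pre-existing double "on" in the context line "installed on at least on one computer" could be fixed in the same pass.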
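Review bot: in PATCH 1/3, hunk `@@ -79,55 +80,32 @@`, the added line "Create a subtask or role files that contribute to an playbook or task." is ungrammatical; suggest "Create the subtask or role files that the playbook will include." In the new `unarchive` task, `src: WindowsDefenderATPOnboardingPackage.zip` is a bare filename, which Ansible resolves relative to the playbook (or its `files/` directory), whereas the removed `copy` task used the absolute path `/root/WindowsDefenderATPOnboardingPackage.zip`; either keep the absolute path or state where the downloaded package must be placed, otherwise the task fails to find the archive. Also `mode: 0755` and `mode: 0600` are unquoted where the removed lines used `mode: '0644'`; quote the modes so YAML does not reinterpret the leading-zero octal.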
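Review bot: in PATCH 1/3, hunk `@@ -150,6 +128,12 @@`, the added `apt_key` task uses `keyserver: https://packages.microsoft.com/`, but `keyserver` expects a keyserver hostname (HKP), not an HTTPS web URL, so the module will not be able to fetch key `BC528686B50D79E339D3721CEB3E94ADBE1229CF` from it. The task removed in the earlier hunk, `apt_key: url: https://packages.microsoft.com/keys/microsoft.asc`, is the correct form for an ASCII-armored key file; use that and keep `id: BC528686B50D79E339D3721CEB3E94ADBE1229CF` so the imported key is checked against the expected fingerprint. Moving the key import ahead of the `apt_repository` task is the right ordering.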
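Review bot: in PATCH 1/3, hunk `@@ -175,7 +153,7 @@`, the new sentence "Create the Ansible install and uninstall YAML files." drops the `/etc/ansible/playbooks` location, but the playbooks in the following hunks still include `../roles/onboarding_setup.yml` by relative path, and the Deployment hunk still says to run them from `/etc/ansible/playbooks/`. Either state the expected layout (a `playbooks` directory next to a `roles` directory) or make the include paths absolute, so the relative `../roles/` path still resolves for readers who choose another directory.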
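Review bot: in PATCH 1/3, hunk `@@ -183,8 +161,7 @@`, the rewritten `- include: ../roles/onboarding_setup.yml` line keeps the `include` keyword, which has been deprecated since Ansible 2.4 in favour of `include_tasks` or `import_tasks`; since the hunk already rewrites these lines, switch them in the same change. Consolidating the two old includes into one is correct, as the removed `../roles/setup_blob.yml` never matched a file the text told the reader to create.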
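Review bot: in PATCH 1/3, hunk `@@ -207,8 +184,7 @@`, the same `include` deprecation applies to `install_mdatp_yum.yml`. Because `onboarding_setup.yml` is now shared by the apt and yum playbooks, the `unzip` prerequisite for the `unarchive` task applies to yum-based hosts too, which is another reason not to drop it from the client software list.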
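Review bot: in PATCH 1/3, hunk `@@ -227,7 +203,7 @@`, "Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory." reads awkwardly; suggest "Now run the playbooks from `/etc/ansible/playbooks/` (or the directory where you placed them)."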
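Review bot: in PATCH 1/3, `microsoft-defender-atp-linux.md`, hunk `@@ -1,6 +1,6 @@`, the `ms.reviewer:` change is whitespace-only (a trailing space is removed), as are the `ms.collection:` hunk at `@@ -14,7 +14,7 @@` and the "Supported Linux server distributions and versions:" hunk at `@@ -51,7 +51,7 @@`. If trimming trailing whitespace is intended, say so in the commit message; otherwise drop these hunks so the diff shows only the documented link change.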
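Review bot: in PATCH 1/3, `microsoft-defender-atp-linux.md`, hunk `@@ -39,7 +39,7 @@`, the new link `[Microsoft Defender ATP portal](microsoft-defender-security-center.md)` is relative to the current folder; confirm that file exists alongside this page, since the commit message names this link as the purpose of the change and a broken relative link fails the docs build.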
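Review bot: in PATCH 2/3, hunk `@@ -58,7 +58,7 @@`, the default fallback period changes from 14 to seven consecutive days and the commit message gives no source for the new value; the next line links to the page where this number is configured, so cross-check that page's stated default and cite it, otherwise the two pages will disagree. The new link text "Microsoft Security intelligence page" also capitalizes "Security" inconsistently with the surrounding prose ("Microsoft security intelligence updates sources"); "Microsoft security intelligence page" would match.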
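Review bot: in PATCH 3/3, the `.openpublishing.redirection.json` change is emitted as a GIT binary patch (delta 126 / delta 281), so the one-character removal the commit message describes ("." in a redirect_url value) cannot be reviewed from the diff. Regenerate the patch with the file treated as text (for example `git format-patch --text`, or a `.gitattributes` entry marking `*.json` as text) or name the affected redirect_url in the commit message so the change is verifiable.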