From 05bb4d335e944ba3b59ad0a083f7ab8a1f4231ec Mon Sep 17 00:00:00 2001 From: Amrut Kale Date: Mon, 17 Feb 2020 19:06:56 +0530 Subject: [PATCH] Fixed links after re-structuring files Fixed links after re-structuring files --- .../linux-install-manually.md | 6 +- .../linux-install-with-puppet.md | 4 +- .../linux-preferences.md | 2 +- .../microsoft-defender-atp-linux.md | 67 +++++++++++-------- 4 files changed, 46 insertions(+), 33 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 7e214e9a60..38b84b9fe2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -37,7 +37,7 @@ Before you get started, see [the main Microsoft Defender ATP for Linux page](mic ## Configure Microsoft's Linux Software Repository -Follow the steps given in [Configure Microsoft's Linux Software Repository](https://docs.microsoft.com/en-us/windows-server/administration/linux-package-repository-for-microsoft-software) to setup the repository. +Follow the steps given in [Configure Microsoft's Linux Software Repository](https://docs.microsoft.com/windows-server/administration/linux-package-repository-for-microsoft-software) to setup the repository. ## Download onboarding package 
@@ -121,8 +121,8 @@ Copy and run the command below: ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-linux-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](linux-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-linux-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Linux from client devices. +See [Uninstalling](linux-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Linux from client devices. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 3731d54b7c..a61a09e1e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -45,7 +45,7 @@ Download the onboarding package from Microsoft Defender Security Center: 2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**. 3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip. - ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_win_intune.png) + ![Windows Defender Security Center screenshot](images/atp-portal-onboarding-win-intune.png) 4. From a command prompt, verify that you have the file. Extract the contents of the .zip file and create mdatp_onboard.json file as follows: 
@@ -160,7 +160,7 @@ If the product is not healthy, the exit code (which can be checked through `echo ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-linux-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](linux-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index eb249f3fe3..d1a41ccd3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md 
@@ -25,7 +25,7 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) >[!IMPORTANT] ->This topic contains instructions for how to set preferences for Microsoft Defender ATP for Linux in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-linux-resources.md#configuring-from-the-command-line) page. +>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Linux in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](linux-resources.md#configuring-from-the-command-line) page. In enterprise environments, Microsoft Defender ATP for Linux can be managed through a configuration profile. This profile is deployed from management tool of your choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise are not able to change preferences that are set through this configuration profile. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index ae7104ff7f..64f57159cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -24,7 +24,7 @@ This topic describes how to install, configure, update, and use Microsoft Defend > [!CAUTION] > Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to lead to performance problems and unpredictable side effects. - + ## How to install Microsoft Defender ATP for Linux ### Prerequisites 
@@ -33,6 +33,20 @@ This topic describes how to install, configure, update, and use Microsoft Defend - Beginner-level experience in Linux and BASH scripting - Administrative privileges on the device (in case of manual deployment) +### Installation instructions + +There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux. + +In general you need to take the following steps: + +- Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal +- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: + - Via third-party management tools: + - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md) + - [Deploy using Ansbile configuration management tool](linux-install-with-ansible.md) + - Via the command-line tool: + - [Manual deployment](linux-install-manually.md) + ### System requirements - Supported Linux server distributions and versions: 
@@ -42,17 +56,24 @@ This topic describes how to install, configure, update, and use Microsoft Defend - Ubuntu 16.04 LTS or higher LTS - Debian 9 or higher - SUSE Linux Enterprise Server 12 or higher + - Oracle Enterprise Linux 7 -- Disk space: 650 MB. +- Minimum kernel version 2.6.38 +- The **fanotify** kernel option must be enabled +- Disk space: 650 MB. -If your Linux server is behind firewall or proxy, you will likely need to allow outbound connections between it and following servers. The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. +After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. + +### Network connections + +The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. | Service location | DNS record | | ---------------------------------------- | ----------------------- | -| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
*.blob.core.windows.net
officecdn-microsoft-com.akamaized.net | -| European Union | europe.x.cp.wd.microsoft.com | -| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com | -| United States | unitedstates.x.cp.wd.microsoft.com | +| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
*.blob.core.windows.net
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com | +| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com | +| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com | +| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: - Transparent proxy @@ -60,6 +81,8 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. +## Validating cloud connectivity + To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. If you prefer the command line, you can also check the connection by running the following command in Terminal: 
@@ -86,38 +109,28 @@ Testing connection with https://ussus1eastprod.blob.core.windows.net ... [OK] Testing connection with https://ussus1westprod.blob.core.windows.net ... [OK] ``` -### Installation instructions - -There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux. - -In general you need to take the following steps: - -- Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal -- Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: - - Via third-party management tools: - - [Deploy using Puppet configuration management tool](microsoft-defender-atp-linux-install-with-puppet.md) - - [Deploy using Ansbile configuration management tool](microsoft-defender-atp-linux-install-with-ansible.md) - - [Other configuration management tools](microsoft-defender-atp-linux-install-with-other-configtool.md) - - Via the command-line tool: - - [Manual deployment](microsoft-defender-atp-linux-install-manually.md) ## How to update Microsoft Defender ATP for Linux -Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Linux, refer to [Deploy updates for Microsoft Defender ATP for Linux](microsoft-defender-atp-linux-updates.md) +Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Linux, refer to [Deploy updates for Microsoft Defender ATP for Linux](linux-updates.md) ## How to configure Microsoft Defender ATP for Linux -Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](microsoft-defender-atp-linux-preferences.md). 
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). ## Known Issues +- When a large volume of threats are encountered on the device, the product might exhibit increasingly large memory consumption (until the next product restart / system reboot). The engineering team is actively working on a mitigation for this - Logged on users do not appear in the ATP portal -- Quarantining a threat requires elevated permissions. Run with ```sudo mdatp --threat --quarantine ``` -- Product has not been evaluated yet side by side with SELinux +- While we are working on creating a better onboarding experience for Linux in the Microsoft Defender Security Center portal, the steps below temporarily point to the Windows section of the portal for getting the onboarding package +- In SUSE distributions, if the libatomic1 failed to be installed please validate that your OS is registered by typing the following command in the terminal: +```bash +sudo SUSEConnect --status-text +``` ## Resources -- For more information about logging, uninstalling, or other topics, see the [Resources](microsoft-defender-atp-linux-resources.md) page. +- For more information about logging, uninstalling, or other topics, see the [Resources](linux-resources.md) page. -- [Privacy for Microsoft Defender ATP for Linux](microsoft-defender-atp-linux-privacy.md) +- [Privacy for Microsoft Defender ATP for Linux](linux-privacy.md)
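Review bot: In linux-install-manually.md, hunk `@@ -37,7 +37,7 @@`, the rewritten line still reads "to setup the repository". Since the line is being touched to drop `en-us` from the URL, change the verb to "set up" in the same edit.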
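Review bot: In linux-install-with-puppet.md, hunk `@@ -45,7 +45,7 @@`, the image reference changes to `images/atp-portal-onboarding-win-intune.png`, but the diffstat lists only four .md files, so the image rename is not part of this patch. Confirm that the lowercase file already exists under `images/`, otherwise the screenshot will not resolve wherever paths are matched case-sensitively.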
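Review bot: In linux-install-with-puppet.md, hunk `@@ -160,7 +160,7 @@`, only the "Logging installation issues" link is renamed, and the `## Uninstallation` section shown as trailing context is not changed anywhere in this file. The same section in linux-install-manually.md had its link moved to `linux-resources.md#uninstalling`, so check whether the Puppet page still points at `microsoft-defender-atp-linux-resources.md` and update it in this patch if it does.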
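Review bot: In microsoft-defender-atp-linux.md, hunk `@@ -33,6 +33,20 @@`, the relocated list carries over the typo "Ansbile" in the Ansible link text; fix it while moving the block. The block removed further down also had an "Other configuration management tools" entry (`microsoft-defender-atp-linux-install-with-other-configtool.md`) that is not re-added here, and the commit subject only mentions fixing links, so state in the message whether that entry was dropped on purpose.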
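Review bot: In microsoft-defender-atp-linux.md, hunk `@@ -42,17 +56,24 @@`, the new sentence "After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints" has no clear referent for "it" and loses the condition the removed sentence stated (the server being behind a firewall or proxy). Suggest keeping that condition and naming the two sides of the connection explicitly. This hunk also adds system requirements (kernel 2.6.38, **fanotify**) and new table entries (`crl.microsoft.com`, the `events.data.microsoft.com` hosts), which go beyond the "Fixed links" subject and deserve a line in the commit message so that whoever maintains the allow rules notices the change. The `Disk space: 650 MB.` line is removed and re-added with no visible difference; drop that whitespace-only churn.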
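Review bot: In microsoft-defender-atp-linux.md, hunk `@@ -60,6 +81,8 @@`, the new heading `## Validating cloud connectivity` is level 2, while `### Network connections` added just above it is level 3. As written it closes the "How to install Microsoft Defender ATP for Linux" section and becomes a peer of "How to update" and "How to configure". If it is meant as part of the installation prerequisites, make it `###`.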
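Review bot: In microsoft-defender-atp-linux.md, hunk `@@ -86,38 +109,28 @@`, the new Known Issues bullet says "the steps below temporarily point to the Windows section of the portal", but nothing below it on this page is an onboarding step (only Resources follows); that note belongs on the install pages or needs rewording to name them. The `bash` fence after the SUSE bullet is not indented, so it ends the list instead of sitting inside the item; indent it to the bullet's content. The hunk also removes the quarantine `sudo` note and the SELinux bullet, which the commit subject does not cover; mention these content changes in the message or split them into their own commit.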