From b6e7c0bb2899d2e807714331ef91cda3cf1cce58 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 21 May 2020 13:20:05 -0700 Subject: [PATCH 1/9] Update preferences page for new options for sample submission --- .../microsoft-defender-atp/linux-preferences.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 537883114e..bafb5834dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -247,13 +247,17 @@ Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, de #### Enable / disable automatic sample submissions -Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information. +Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. There are three levels for controlling sample submission: + +- **None**: no suspicious samples are submitted to Microsoft. +- **Safe**: only suspicious samples that do not contain personally identifiable information (PII) are submitted automatically. This is the default value for this setting. +- **All**: all suspicious samples are submitted to Microsoft. ||| |:---|:---| -| **Key** | automaticSampleSubmission | +| **Key** | automaticSampleSubmissionConsent | | **Data type** | Boolean | -| **Possible values** | true (default)
false | +| **Possible values** | none
safe (default)
all | ## Recommended configuration profile @@ -266,7 +270,7 @@ The following configuration profile will: - **Potentially unwanted applications (PUA)** are blocked. - **Archive bombs** (file with a high compression rate) are audited to the product logs. - Enable cloud-delivered protection. -- Enable automatic sample submission. +- Enable automatic sample submission at `safe` level. ### Sample profile @@ -286,7 +290,7 @@ The following configuration profile will: ] }, "cloudService":{ - "automaticSampleSubmission":true, + "automaticSampleSubmissionConsent":"safe", "enabled":true } } @@ -346,7 +350,7 @@ The following configuration profile contains entries for all settings described "cloudService":{ "enabled":true, "diagnosticLevel":"optional", - "automaticSampleSubmission":true + "automaticSampleSubmissionConsent":"safe" } } ``` From 0ade3ada666ad66c5d0201755b1b76e5b82fb3e8 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 22 May 2020 17:22:16 -0700 Subject: [PATCH 2/9] . --- .../microsoft-defender-atp/linux-preferences.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index bafb5834dd..828c7b8f00 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -256,7 +256,7 @@ Determines whether suspicious samples (that are likely to contain threats) are s ||| |:---|:---| | **Key** | automaticSampleSubmissionConsent | -| **Data type** | Boolean | +| **Data type** | String | | **Possible values** | none
safe (default)
all | ## Recommended configuration profile From fde8590b82b31835ca5a5f9fbb4334e7479a86e5 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 29 May 2020 10:46:07 -0700 Subject: [PATCH 3/9] Updated strings to new syntax --- .../linux-exclusions.md | 18 +++---- .../linux-install-manually.md | 10 ++-- .../linux-install-with-ansible.md | 4 +- .../linux-install-with-puppet.md | 6 +-- .../microsoft-defender-atp/linux-pua.md | 2 +- .../microsoft-defender-atp/linux-resources.md | 50 +++++++++---------- .../linux-support-connectivity.md | 4 +- .../linux-support-install.md | 3 +- .../linux-support-perf.md | 10 ++-- 9 files changed, 53 insertions(+), 54 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index ef0797f456..a8aa943686 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -64,7 +64,7 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano Run the following command to see the available switches for managing exclusions: ```bash -$ mdatp --exclusion +$ mdatp exclusion ``` Examples: @@ -72,29 +72,29 @@ Examples: - Add an exclusion for a file extension: ```bash - $ mdatp --exclusion --add-extension .txt - Configuration updated successfully + $ mdatp exclusion extension add --name .txt + Extension exclusion configured successfully ``` - Add an exclusion for a file: ```bash - $ mdatp --exclusion --add-folder /var/log/dummy.log - Configuration updated successfully + $ mdatp exclusion file add --path /var/log/dummy.log + File exclusion configured successfully ``` - Add an exclusion for a folder: ```bash - $ mdatp --exclusion --add-folder /var/log/ - Configuration updated successfully + $ mdatp exclusion folder add --path /var/log/ + Folder exclusion configured successfully ``` - Add an exclusion for a process: ```bash - $ mdatp --exclusion --add-process cat - Configuration updated successfully + $ mdatp exclusion process add --name cat + Process exclusion configured successfully ``` ## Validate exclusions lists with the EICAR test file diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 31656eeae6..702afa998e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -268,7 +268,7 @@ Download the onboarding package from Microsoft Defender Security Center: Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank: ```bash - mdatp --health orgId + mdatp health --field org_id ``` 2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device: @@ -280,13 +280,13 @@ Download the onboarding package from Microsoft Defender Security Center: 3. Verify that the machine is now associated with your organization and reports a valid organization identifier: ```bash - mdatp --health orgId + mdatp health --field org_id ``` 4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected: ```bash - mdatp --health healthy + mdatp health --field healthy ``` > [!IMPORTANT] @@ -298,7 +298,7 @@ Download the onboarding package from Microsoft Defender Security Center: - Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): ```bash - mdatp --health realTimeProtectionEnabled + mdatp health --field real_time_protection_enabled ``` - Open a Terminal window. Copy and execute the following command: @@ -310,7 +310,7 @@ Download the onboarding package from Microsoft Defender Security Center: - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats: ```bash - mdatp --threat --list --pretty + mdatp threat list ``` ## Log installation issues diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 34b6be737e..2227ba8f15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -241,8 +241,8 @@ Now run the tasks files under `/etc/ansible/playbooks/`. - Validation/configuration: ```bash - $ ansible -m shell -a 'mdatp --connectivity-test' all - $ ansible -m shell -a 'mdatp --health' all + $ ansible -m shell -a 'mdatp connectivity test' all + $ ansible -m shell -a 'mdatp health' all ``` - Uninstallation: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 3914bf58e0..0db0c18a3a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -174,10 +174,10 @@ Enrolled agent devices periodically poll the Puppet Server, and install new conf On the agent machine, you can also check the onboarding status by running: ```bash -$ mdatp --health +$ mdatp health ... licensed : true -orgId : "[your organization identifier]" +org_id : "[your organization identifier]" ... ``` @@ -190,7 +190,7 @@ orgId : "[your organization identifier]" You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: ```bash -mdatp --health healthy +mdatp health --field healthy ``` The above command prints `1` if the product is onboarded and functioning as expected. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index b0cd02009a..415341d721 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma In Terminal, execute the following command to configure PUA protection: ```bash -$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block] +$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block] ``` ### Use the management console to configure PUA protection: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index adc92e7c31..7014bcacaa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -31,29 +31,24 @@ If you can reproduce a problem, please increase the logging level, run the syste 1. Increase logging level: ```bash - $ mdatp --log-level verbose - Creating connection to daemon - Connection established - Operation succeeded + $ mdatp log level set --level verbose + Log level configured successfully ``` 2. Reproduce the problem. -3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: +3. Run `sudo mdatp diagnostic create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: ```bash - $ sudo mdatp --diagnostic --create - Creating connection to daemon - Connection established + $ sudo mdatp diagnostic create + Diagnostic file created: ``` 4. Restore logging level: ```bash - $ mdatp --log-level info - Creating connection to daemon - Connection established - Operation succeeded + $ mdatp log level set --level info + Log level configured successfully ``` ## Log installation issues @@ -78,21 +73,22 @@ Important tasks, such as controlling product settings and triggering on-demand s |Group |Scenario |Command | |-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp --config realTimeProtectionEnabled [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp --config cloudEnabled [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp --config cloudDiagnosticEnabled [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp --config cloudAutomaticSampleSubmission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp --threat --type-handling potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp --threat --type-handling potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp --threat --type-handling potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp --log-level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp --scan --path [path]` | -|Protection |Do a quick scan |`mdatp --scan --quick` | -|Protection |Do a full scan |`mdatp --scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp --scan --cancel` | -|Protection |Request a security intelligence update |`mdatp --definition-update` | +|Configuration|Turn on/off real-time protection |`mdatp config real_time_protection --value [enabled|disabled]` | +|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` | +|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` | +|Configuration|Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` | +|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` | +|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` | +|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Health |Check the product's health |`mdatp health` | +|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Do a quick scan |`mdatp scan quick` | +|Protection |Do a full scan |`mdatp scan full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | +|Protection |Request a security intelligence update |`mdatp definitions update` | ## Microsoft Defender ATP portal information diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 4a25d355bf..a124167305 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -29,7 +29,7 @@ ms.topic: conceptual To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line: ```bash -$ mdatp --connectivity-test +$ mdatp connectivity test ``` If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall. @@ -84,7 +84,7 @@ $ sudo systemctl daemon-reload; sudo systemctl restart mdatp Upon success, attempt another connectivity test from the command line: ```bash -$ mdatp --connectivity-test +$ mdatp connectivity test ``` If the problem persists, contact customer support. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 0982c630fa..8ffdc04ee8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -116,6 +116,7 @@ and try again. If none of the above steps help, collect the diagnostic logs: ```bash -$ sudo mdatp --diagnostic --create +$ sudo mdatp diagnostic create +Diagnostic file created: ``` Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 55da60a602..6748041572 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -36,7 +36,8 @@ The following steps can be used to troubleshoot and mitigate these issues: If your device is not managed by your organization, real-time protection can be disabled from the command line: ```bash - $ mdatp --config realTimeProtectionEnabled false + $ mdatp config real-time-protection --value disabled + Configuration property updated ``` If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). @@ -49,19 +50,20 @@ The following steps can be used to troubleshoot and mitigate these issues: This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: ```bash - $ mdatp config real_time_protection_statistics_enabled on + $ mdatp config real-time-protection-statistics --value enabled ``` This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: ```bash - $ mdatp health + $ mdatp health --field real_time_protection_enabled ``` Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: ```bash - $ mdatp --config realTimeProtectionEnabled true + $ mdatp config real-time-protection --value enabled + Configuration property updated ``` To collect current statistics, run: From b9c85e035b770cbf10936088243cf703959540e4 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 8 Jun 2020 20:38:25 -0700 Subject: [PATCH 4/9] Update supported file systems --- .../microsoft-defender-atp-linux.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 0a57598987..4ece6145ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -92,10 +92,20 @@ If you experience any installation failures, refer to [Troubleshooting installat - The solution currently provides real-time protection for the following file system types: - btrfs + - ecryptfs - ext2 - ext3 - ext4 + - fuse + - fuseblk + - jfs + - nfs + - overlay + - ramfs + - reiserfs - tmpfs + - udf + - vfat - xfs More file system types will be added in the future. From 6871121d5e0e04d92cf709ebc48fec66bdfd4e21 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 8 Jun 2020 20:49:42 -0700 Subject: [PATCH 5/9] Add release notes for 101.00.75 --- .../microsoft-defender-atp/linux-whatsnew.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 4c49223e78..e7408568e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -19,6 +19,12 @@ ms.topic: conceptual # What's new in Microsoft Defender Advanced Threat Protection for Linux +## 101.00.75 + +- Added support for the following file system types: ecryptfs, fuse, fuseblk, jfs, nfs, overlay, ramfs, reiserfs, udf, and vfat +- New syntax for the command-line tool. See [this page](linux-resources.md#configure-from-the-command-line) for more information. +- Performance improvements & bug fixes + ## 100.90.70 > [!WARNING] From 1ae027aece701aeb2592bf1e40bd4004e13148dd Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 8 Jun 2020 20:54:28 -0700 Subject: [PATCH 6/9] Add note on product expiration --- .../microsoft-defender-atp/linux-updates.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index 37b668c4f2..50bbc417f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -26,6 +26,12 @@ ms.topic: conceptual Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. +> [!WARNING] +> Each version of Microsoft Defender ATP for Linux has an expiration date, after which it will no longer continue to protect your device. You must update the product prior to this date. To check the expiration date, run the following command: +> ```bash +> mdatp health --field product_expiration +> ``` + To update Microsoft Defender ATP for Linux manually, execute one of the following commands: ## RHEL and variants (CentOS and Oracle Linux) From 0fdaac8f013ef40f4cb594bc13f0fdd6618517eb Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 8 Jun 2020 20:57:30 -0700 Subject: [PATCH 7/9] Add note on how to check definition update status --- .../microsoft-defender-atp/linux-install-manually.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 702afa998e..ef65ef7094 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -290,7 +290,10 @@ Download the onboarding package from Microsoft Defender Security Center: ``` > [!IMPORTANT] - > When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `0`.
+ > When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. During this time the above command returns a value of `false`. You can check the status of the definition update using the following command: + > ```bash + > mdatp health --field definitions_status + > ``` > Please note that you may also need to configure a proxy after completing the initial installation. See [Configure Microsoft Defender ATP for Linux for static proxy discovery: Post-installation configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration#post-installation-configuration). 5. Run a detection test to verify that the machine is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded machine: From 96e42b92999941dc3d9ed5715aca838bf4e6b564 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 16 Jun 2020 10:57:57 -0700 Subject: [PATCH 8/9] Styling --- .../microsoft-defender-atp/linux-resources.md | 2 +- .../microsoft-defender-atp/linux-whatsnew.md | 4 +-- .../microsoft-defender-atp-linux.md | 32 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 7014bcacaa..9682edb6d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -37,7 +37,7 @@ If you can reproduce a problem, please increase the logging level, run the syste 2. Reproduce the problem. -3. Run `sudo mdatp diagnostic create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: +3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds: ```bash $ sudo mdatp diagnostic create diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index e7408568e2..0c3138f156 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -21,8 +21,8 @@ ms.topic: conceptual ## 101.00.75 -- Added support for the following file system types: ecryptfs, fuse, fuseblk, jfs, nfs, overlay, ramfs, reiserfs, udf, and vfat -- New syntax for the command-line tool. See [this page](linux-resources.md#configure-from-the-command-line) for more information. +- Added support for the following file system types: `ecryptfs`, `fuse`, `fuseblk`, `jfs`, `nfs`, `overlay`, `ramfs`, `reiserfs`, `udf`, and `vfat` +- New syntax for the command-line tool. For more information, see [this page](linux-resources.md#configure-from-the-command-line). - Performance improvements & bug fixes ## 100.90.70 diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 4ece6145ec..edc161f217 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -91,22 +91,22 @@ If you experience any installation failures, refer to [Troubleshooting installat - Disk space: 650 MB - The solution currently provides real-time protection for the following file system types: - - btrfs - - ecryptfs - - ext2 - - ext3 - - ext4 - - fuse - - fuseblk - - jfs - - nfs - - overlay - - ramfs - - reiserfs - - tmpfs - - udf - - vfat - - xfs + - `btrfs` + - `ecryptfs` + - `ext2` + - `ext3` + - `ext4` + - `fuse` + - `fuseblk` + - `jfs` + - `nfs` + - `overlay` + - `ramfs` + - `reiserfs` + - `tmpfs` + - `udf` + - `vfat` + - `xfs` More file system types will be added in the future. From df6ac5c1ddd7dc29ca453ce8209f8e107e757e06 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 16 Jun 2020 15:55:32 -0700 Subject: [PATCH 9/9] Corrected indentation of a code block MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous indentation resulted in the code block being rendered entirely—including the backticks—as a block of plain text. --- .../linux-install-with-ansible.md | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 2227ba8f15..f6753d00a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -149,31 +149,31 @@ Create subtask or role files that contribute to an actual task. First create the > [!NOTE] > In case of Oracle Linux, replace *[distro]* with “rhel”. - ```bash - - name: Add Microsoft apt repository for MDATP - apt_repository: - repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main - update_cache: yes - state: present - filename: microsoft-[channel].list - when: ansible_os_family == "Debian" + ```bash + - name: Add Microsoft apt repository for MDATP + apt_repository: + repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main + update_cache: yes + state: present + filename: microsoft-[channel].list + when: ansible_os_family == "Debian" - - name: Add Microsoft APT key - apt_key: - keyserver: https://packages.microsoft.com/ - id: BC528686B50D79E339D3721CEB3E94ADBE1229CF - when: ansible_os_family == "Debian" + - name: Add Microsoft APT key + apt_key: + keyserver: https://packages.microsoft.com/ + id: BC528686B50D79E339D3721CEB3E94ADBE1229CF + when: ansible_os_family == "Debian" - - name: Add Microsoft yum repository for MDATP - yum_repository: - name: packages-microsoft-com-prod-[channel] - description: Microsoft Defender ATP - file: microsoft-[channel] - baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/ - gpgcheck: yes - enabled: Yes - when: ansible_os_family == "RedHat" - ``` + - name: Add Microsoft yum repository for MDATP + yum_repository: + name: packages-microsoft-com-prod-[channel] + description: Microsoft Defender ATP + file: microsoft-[channel] + baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/ + gpgcheck: yes + enabled: Yes + when: ansible_os_family == "RedHat" + ``` - Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`.