Merge branch 'master' into repo_sync_working_branch

2025-05-18 16:27:22 +00:00 · 2020-11-19 08:38:33 -08:00 · 2020-11-19 08:38:33 -08:00 · 344b43468b
commit 344b43468b
parent 7c6ab99946 d81a16a942
5 changed files with 170 additions and 3 deletions
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -8,7 +8,6 @@
 ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
 ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md)
 ### [Portal overview](microsoft-defender-atp/portal-overview.md)
-### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/gov.md)
 ### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md)

 ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
@ -297,6 +296,7 @@
 ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
 ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
+##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md)

 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
--- a/windows/security/threat-protection/images/linux-mdatp-1.png
+++ b/windows/security/threat-protection/images/linux-mdatp-1.png
--- a/windows/security/threat-protection/images/linux-mdatp.png
+++ b/windows/security/threat-protection/images/linux-mdatp.png
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
@ -0,0 +1,167 @@
+---
+title: How to schedule scans with Microsoft Defender for Endpoint (Linux)
+description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
+keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Schedule scans with Microsoft Defender for Endpoint (Linux)
+
+To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands).
+
+Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
+
+## Pre-requisite
+
+> [!NOTE]
+> To get a list of all the time zones, run the following command:
+> `timedatectl list-timezones`<br>
+> Examples for timezones:
+> - `America/Los_Angeles`
+> - `America/New_York`
+> - `America/Chicago`
+> - `America/Denver`
+
+## To set the Cron job
+Use the following commands:
+
+**To backup crontab entries**
+
+`sudo crontab -l > /var/tmp/cron_backup_200919.dat`
+
+> [!NOTE]
+> Where 200919 == YRMMDD
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+To edit the crontab, and add a new job as a root user: <br>
+`sudo crontab -e`
+
+> [!NOTE]
+> The default editor is VIM.
+
+You might see:
+
+0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
+
+Press “Insert”
+
+Add the following entries:
+
+CRON_TZ=America/Los_Angeles
+
+0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log
+
+> [!NOTE]
+>In this example, we have  set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8).
+
+Press “Esc”
+
+Type “:wq” without the double quotes.
+
+> [!NOTE]
+> w == write, q == quit
+
+To view your cron jobs, type `sudo crontab -l`
+
+:::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp":::
+
+**To inspect cron job runs**
+
+`sudo grep mdatp /var/log/cron`
+
+**To inspect the mdatp_cron_job.log**
+
+`sudo nano mdatp_cron_job.log`
+
+## For those who use Ansible, Chef, or Puppet
+
+Use the following commands:
+### To set cron jobs in Ansible
+
+`cron – Manage cron.d and crontab entries`
+
+See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information.
+
+### To set crontabs in Chef
+`cron resource`
+
+See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information.
+
+### To set cron jobs in Puppet
+Resource Type: cron
+
+See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information.
+
+Automating with Puppet: Cron jobs and scheduled tasks
+
+See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information.
+
+## Additional information
+
+**To get help with crontab**
+
+`man crontab`
+
+**To get a list of crontab file of the current user**
+
+`crontab -l`
+
+**To get a list of crontab file of another user**
+
+`crontab -u username -l`
+
+**To backup crontab entries**
+
+`crontab -l > /var/tmp/cron_backup.dat`
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+**To restore crontab entries**
+
+`crontab /var/tmp/cron_backup.dat`
+
+**To edit the crontab and add a new job as a root user**
+
+`sudo crontab -e`
+
+**To edit the crontab and add a new job**
+
+`crontab -e`
+
+**To edit other user’s crontab entries**
+
+`crontab -u username -e`
+
+**To remove all crontab entries**
+
+`crontab -r`
+
+**To remove other user’s crontab entries**
+
+`crontab -u username -r`
+
+**Explanation**
+
+—————- minute (values: 0 – 59) (special characters: , – * /)  <br>
+| +————- hour (values: 0 – 23) (special characters: , – * /) <br>
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)  <br>
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )  <br>
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) <br>
+| | | | |*****command to be executed
+
+
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file:

    ```bash
-    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.apple.webcontent-filter.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "<CertificateName>" -i <PathToFile>/com.microsoft.network-extension.mobileconfig -o <PathToSignedFile>/com.microsoft.network-extension.signed.mobileconfig
    ```
    
    For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents:
    
    ```bash
-    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
+    $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig
    ```
    
 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file.