diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
index 828c7b8f00..4e59ea8aad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
@@ -259,18 +259,29 @@ Determines whether suspicious samples (that are likely to contain threats) are s
| **Data type** | String |
| **Possible values** | none
safe (default)
all |
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default)
false |
+
## Recommended configuration profile
To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
The following configuration profile will:
-- Enable real-time protection (RTP).
+- Enable real-time protection (RTP)
- Specify how the following threat types are handled:
- - **Potentially unwanted applications (PUA)** are blocked.
- - **Archive bombs** (file with a high compression rate) are audited to the product logs.
-- Enable cloud-delivered protection.
-- Enable automatic sample submission at `safe` level.
+ - **Potentially unwanted applications (PUA)** are blocked
+ - **Archive bombs** (file with a high compression rate) are audited to the product logs
+- Enable automatic security intelligence updates
+- Enable cloud-delivered protection
+- Enable automatic sample submission at `safe` level
### Sample profile
@@ -290,6 +301,7 @@ The following configuration profile will:
]
},
"cloudService":{
+ "automaticDefinitionUpdateEnabled":true,
"automaticSampleSubmissionConsent":"safe",
"enabled":true
}
@@ -350,7 +362,8 @@ The following configuration profile contains entries for all settings described
"cloudService":{
"enabled":true,
"diagnosticLevel":"optional",
- "automaticSampleSubmissionConsent":"safe"
+ "automaticSampleSubmissionConsent":"safe",
+ "automaticDefinitionUpdateEnabled":true
}
}
```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index 9682edb6d0..08c161f099 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -110,3 +110,12 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
- Computer model
- Processor architecture
- Whether the device is a virtual machine
+
+### Known issues
+
+- Logged on users do not appear in the Microsoft Defender Security Center portal.
+- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
+
+ ```bash
+ $ sudo SUSEConnect --status-text
+ ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 19065efe0b..aca2dae621 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -277,6 +277,16 @@ Determines whether suspicious samples (that are likely to contain threats) are s
| **Data type** | Boolean |
| **Possible values** | true (default)
false |
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default)
false |
+
### User interface preferences
Manage the preferences for the user interface of Microsoft Defender ATP for Mac.
@@ -358,6 +368,7 @@ The following configuration profile (or, in case of JAMF, a property list that c
- Specify how the following threat types are handled:
- **Potentially unwanted applications (PUA)** are blocked
- **Archive bombs** (file with a high compression rate) are audited to Microsoft Defender ATP logs
+- Enable automatic security intelligence updates
- Enable cloud-delivered protection
- Enable automatic sample submission
@@ -394,6 +405,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
automaticSampleSubmission
+ automaticDefinitionUpdateEnabled
+
@@ -471,6 +484,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
automaticSampleSubmission
+ automaticDefinitionUpdateEnabled
+
@@ -563,6 +578,8 @@ The following templates contain entries for all settings described in this docum
optional
automaticSampleSubmission
+ automaticDefinitionUpdateEnabled
+
edr
@@ -701,6 +718,8 @@ The following templates contain entries for all settings described in this docum
optional
automaticSampleSubmission
+ automaticDefinitionUpdateEnabled
+
edr
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index edc161f217..385bdbecbb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -20,20 +20,7 @@ ms.topic: conceptual
# Microsoft Defender ATP for Linux
-> [!IMPORTANT]
-> **PUBLIC PREVIEW EDITION**
->
-> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
->
-> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
->
-> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
-
-This topic describes how to install, configure, update, and use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux.
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4q3yP]
-
-
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Linux.
> [!CAUTION]
> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
@@ -46,16 +33,6 @@ This topic describes how to install, configure, update, and use Microsoft Defend
- Beginner-level experience in Linux and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
-### Known issues
-
-- Logged on users do not appear in the ATP portal.
-- Running the product on CentOS / RHEL / Oracle Linux 7.0 or 7.1 with kernel versions lower than 3.10.0-327 can result in hanging the operating system. We recommend that you upgrade to version 7.2 or newer.
-- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
-
- ```bash
- $ sudo SUSEConnect --status-text
- ```
-
### Installation instructions
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
@@ -108,8 +85,6 @@ If you experience any installation failures, refer to [Troubleshooting installat
- `vfat`
- `xfs`
- More file system types will be added in the future.
-
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
### Network connections