diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 6986fb5d5a..a7d5745aeb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -178,7 +178,7 @@ Download the onboarding package from Microsoft Defender Security Center: 1. In Microsoft Defender Security Center, go to **Settings > Machine Management > Onboarding**. 2. In Section 1 of the page, set operating system to **Linux Server** and Deployment method to **Local script**. -3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. +3. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip. ![Microsoft Defender Security Center screenshot](images/atp-portal-onboarding-linux.png) @@ -189,6 +189,7 @@ Download the onboarding package from Microsoft Defender Security Center: $ ls -l total 8 -rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip + $ unzip WindowsDefenderATPOnboardingPackage.zip Archive: WindowsDefenderATPOnboardingPackage.zip inflating: WindowsDefenderATPOnboarding.py diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 016794bca5..e45283ab7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md 
@@ -36,7 +36,7 @@ This topic describes how to deploy Microsoft Defender ATP for Linux through Ansi Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version. - Ansible needs to be installed at least on one computer (we will call it master) -- Password less SSH must be configured for root user between Master and all clients +- Passwordless SSH must be configured for root user between the master and all clients - Below software must be installed on all clients - python-apt - curl @@ -79,7 +79,7 @@ Download the onboarding package from Microsoft Defender Security Center: Create subtask / role files which contribute to an actual task. Create below files under `/etc/ansible/roles` directory. -- Copy onboarding package on all client machines +- Copy onboarding package to all client machines ```bash $ cat /etc/ansible/roles/copy_onboarding_pkg.yml @@ -99,7 +99,7 @@ Create subtask / role files which contribute to an actual task. Create below fil #!/bin/bash - # Unzip the file and create license file + # Unzip the archive and create the onboarding file mkdir -p /etc/opt/microsoft/mdatp/ unzip WindowsDefenderATPOnboardingPackage.zip cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json @@ -109,7 +109,7 @@ Create subtask / role files which contribute to an actual task. Create below fil sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/ ``` -- Create onboarding blob +- Create the onboarding file ```bash $ cat setup_blob.yml @@ -121,7 +121,7 @@ Create subtask / role files which contribute to an actual task. Create below fil group: root mode: '0744' - - name: Run a script to create license blob + - name: Run a script to create the onboarding file script: /root/setup.sh ``` 
@@ -137,6 +137,9 @@ Create subtask / role files which contribute to an actual task. Create below fil In the below commands, replace *[distro]* and *[version]* with the information identified in the previous step. + > [!NOTE] + > In case of Oracle EL and CentOS 8, use *[distro]* as “rhel”. + - For apt-based distributions use the following YAML file ```bash @@ -206,7 +209,7 @@ Create subtask / role files which contribute to an actual task. Create below fil - yum: name: mdatp state: latest - enablerepo: packages-microsoft-com-prod-insiders-fast + enablerepo: packages-microsoft-com-prod-[channel] ``` ```bash diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index a2f0a9375f..dfd667c83c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md 
@@ -35,7 +35,7 @@ This topic describes how to deploy Microsoft Defender ATP for Linux through Pupp Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version. -In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported puppet modules such as *apt* to help deploy the package. Your organization might use a different workflow. Please refer to [Puppet documentation](https://puppet.com/docs) for details. +In addition, for Puppet deployment, you need to be familiar with Puppet administration tasks, have a Puppet configured, and know how to deploy packages. Puppet has many ways to complete the same task. These instructions assume availability of supported Puppet modules such as *apt* to help deploy the package. Your organization might use a different workflow. Please refer to the [Puppet documentation](https://puppet.com/docs) for details. ## Download onboarding package 
@@ -59,9 +59,9 @@ Download the onboarding package from Microsoft Defender Security Center: ## Create Puppet manifest -You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your puppet server. +You need to create a Puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by a Puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your Puppet server. -Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp_onboard.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions. +Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your Puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your Puppet server. Copy the mdatp_onboard.json file created in above step to *install_mdatp/files* folder. Create a *init.pp* file which contains the deployment instructions. ```bash $ pwd 
@@ -75,15 +75,28 @@ install_mdatp └── init.pp ``` -Contents of *install_mdatp/manifests/init.pp* +### Contents of `install_mdatp/manifests/init.pp` + +Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository. + +The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*. + +In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel. + +Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. + +In the below commands, replace *[distro]* and *[version]* with the information identified in the previous step. + +> [!NOTE] +> In case of Oracle EL and CentOS 8, use *[distro]* as “rhel”. ```puppet class install_mdatp { if ($osfamily == 'Debian') { apt::source { 'microsoftpackages' : - location => 'https://packages.microsoft.com/ubuntu/18.04/prod', # change the version and distro based on your OS - release => 'stable', + location => 'https://packages.microsoft.com/[distro]/[version]/prod', # change the version and distro based on your OS + release => '[channel]', repos => 'main', key => { 'id' => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF', @@ -93,7 +106,7 @@ class install_mdatp { } else { yumrepo { 'microsoftpackages' : - baseurl => 'https://packages.microsoft.com/rhel/7/prod', # change the version and distro based on your OS + baseurl => 'https://packages.microsoft.com/[distro]/[version]/[channel]', # change the version and distro based on your OS enabled => 1, gpgcheck => 1, gpgkey => 'https://packages.microsoft.com/keys/microsoft.asc' 
@@ -127,7 +140,7 @@ node "default" { Enrolled agent devices periodically poll the Puppet Server, and install new configuration profiles and policies as soon as they are detected. -## Monitoring puppet deployment +## Monitoring Puppet deployment On the agent machine, you can also check the onboarding status by running: @@ -135,13 +148,13 @@ On the agent machine, you can also check the onboarding status by running: $ mdatp --health ... licensed : true -orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" +orgId : "[your organization identifier]" ... ``` - **licensed**: This confirms that the device has an ATP license. -- **orgid**: Your Microsoft Defender ATP org id; it will be the same for your organization. +- **orgid**: your Microsoft Defender ATP org id; it will be the same for your organization. ## Check onboarding status diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 00a3968eb8..e3e5cf0f15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -69,7 +69,7 @@ There are several ways to uninstall Microsoft Defender ATP for Linux. If you are ### Manual uninstallation - ```sudo apt-get purge mdatp``` for Debian and Ubuntu systems -- ```sudo yum remove mdatp``` for RHEL, Oracle Linux, CentOS based systems +- ```sudo yum remove mdatp``` for RHEL, Oracle Linux, and CentOS based systems ## Configuring from the command line
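Review bot: In linux-install-with-ansible.md, hunk @@ -137,6, the added note wraps the value in typographic quotes (“rhel”), which are easy to copy along with the value. Format it as inline code, `rhel`, and consider the wording "For Oracle EL and CentOS 8, replace *[distro]* with `rhel`." The identical note added to linux-install-with-puppet.md in hunk @@ -75,15 needs the same change.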
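Review bot: In linux-install-with-ansible.md, hunk @@ -206,7, `enablerepo: packages-microsoft-com-prod-[channel]` introduces a *[channel]* placeholder, but the instruction visible in hunk @@ -137,6 only tells the reader to replace *[distro]* and *[version]*. Add *[channel]* to that sentence. Please also check the spelling of the channel: the removed line used `insiders-fast`, while the text added to linux-install-with-puppet.md names the channel *insider-fast*, so substituting the documented name does not reproduce the repository id this line had before.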
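Review bot: In linux-install-with-puppet.md, hunk @@ -35,7, the rewritten sentence keeps "have a Puppet configured", which still reads as a leftover article. Since the line is being touched anyway, change it to "have Puppet configured".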
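Review bot: In linux-install-with-puppet.md, hunk @@ -59,9, the rewritten second paragraph still opens with "Create a folders" and now reads "Create a *init.pp* file"; these should be "Create the folders" and "Create an *init.pp* file". The first paragraph's "makes use of *apt* module" and "assumes that apt module" are also missing an article ("the *apt* module").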
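Review bot: In linux-install-with-puppet.md, hunk @@ -75,15, the two branches of the manifest use *[channel]* differently: the `apt::source` location still ends in a fixed `/prod` with the channel placed in `release => '[channel]'`, while the `yumrepo` baseurl puts the channel in the path (`/[distro]/[version]/[channel]`). If that difference is intended, say so next to the manifest; either way the inline comments ("change the version and distro based on your OS") should mention the channel as well. The added sentence "In the below commands" is followed by a Puppet manifest, so "In the manifest below" would be more accurate, and the new heading would introduce the code more clearly if the channel explanation sat above it rather than between the heading and the code.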
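Review bot: In linux-install-with-puppet.md, hunk @@ -135,13, the second bullet now starts in lower case ("your Microsoft Defender ATP org id") while the first still starts with a capital ("This confirms ..."), and the bullet label **orgid** does not match the `orgId` key shown in the `mdatp --health` output just above it. Use one capitalization style for both bullets and label the second one **orgId** so readers can match it against the command output.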