From c734446d237d179506c578f1dbda8f6b4bfa7a5a Mon Sep 17 00:00:00 2001 From: Amrut Kale Date: Tue, 18 Feb 2020 16:16:58 +0530 Subject: [PATCH] Added static proxy configuration Added static proxy configuration --- .../linux-install-manually.md | 2 +- .../linux-static-proxy-configuration.md | 76 +++++++++++++++++++ .../microsoft-defender-atp-linux.md | 6 +- 3 files changed, 80 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 38b84b9fe2..989e9be269 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -47,7 +47,7 @@ Download the onboarding package from Microsoft Defender Security Center: 2. In the first drop down, set operating system to **Windows 10** and in second drop down, Deployment method to **Mobile Device Management / Microsoft Intune**. 3. Click on **Download package**. Save it as WindowsDefenderATPOnboardingPackage.zip. - ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_win_intune.png) + ![Windows Defender Security Center screenshot](images/atp-portal-onboarding-win-intune.png) 4. From a command prompt, verify that you have the file. Extract the contents of the .zip file and create mdatp_onboard.json file as follows: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md new file mode 100644 index 0000000000..ee3a9237c9 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md 
@@ -0,0 +1,76 @@ +--- +title: Microsoft Defender ATP for Linux Static Proxy Discovery +ms.reviewer: +description: Describes how to configure Microsoft Defender ATP for static proxy discovery +keywords: microsoft, defender, atp, linux, installation, proxy +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Configuring Microsoft Defender ATP for static proxy discovery + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +Microsoft Defender ATP can discover a proxy server via the ```HTTPS_PROXY``` environment variable. This setting must be configured **both** at installation time and after the product has been installed. + +## Installation time configuration + +During installation, the ```HTTPS_PROXY``` environment variable must be passed to the package manager. The package manager can read this variable in any of these three ways: + +- The ```HTTPS_PROXY``` variable is defined in ```/etc/environment``` with the following line: + + ```bash + HTTPS_PROXY=”http://proxy.server:port/” + ``` + +- The `HTTPS_PROXY` variable is defined in the package manager global configuration. For example, in Ubuntu 18.04, you can add the following line to `/etc/apt/apt.conf.d/proxy.conf` + + ```bash + Acquire::https::Proxy "http://proxy.server:port/"; + ``` + +> [!Caution] +> Note that above two methods could define the proxy to use for other applications on your system. Use this method with caution, or only if this is mean to be a generally global configuration. + +- The `HTTPS_PROXY` variable is prepended to the installation and/or uninstallation commands. 
For example with the APT package manager, prepend the variable as follows when installing Microsoft Defender ATP: + + ```bash + $ HTTPS_PROXY=”http://proxy.server:port/" apt install mdatp + ``` + + >[!Note] Do not add sudo between the environment variable definition and apt, otherwise the variable will not be propagated. + +The `HTTPS_PROXY` environment variable may similarly be defined during uninstallation. + +Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry will not be submitted, and the operation could take significantly longer due to network timeouts. + +## Post installation configuration + +After installation, the `HTTPS_PROXY` environment variable must be defined in the Microsoft Defender ATP service file. To do this, open `/lib/systemd/system/mdatp.service` in a text editor while running as the root user. Then, you can propagate the variable to the service in one of two ways: + +- Uncomment the line `#Environment=HTTPS_PROXY="http://address:port”` and specify your static proxy address. + +- Add a line `EnvironmentFile=/path/to/env/file`. This path can point to `/etc/environment` or a custom file, either of which needs to the following line: + + ```bash + HTTPS_PROXY=”http://proxy.server:port/” + ``` + +After modifying the `mdatp.service` file, save and close it. Restart the service so the changes can go into effect. In Ubuntu, this involves two commands: + +```bash +$ systemctl daemon-reload; systemctl restart mdatp +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 64f57159cc..1205d192a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md 
@@ -41,11 +41,11 @@ In general you need to take the following steps: - Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal - Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: + - Via the command-line tool: + - [Manual deployment](linux-install-manually.md) - Via third-party management tools: - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md) - [Deploy using Ansbile configuration management tool](linux-install-with-ansible.md) - - Via the command-line tool: - - [Manual deployment](linux-install-manually.md) ### System requirements @@ -79,7 +79,7 @@ Microsoft Defender ATP can discover a proxy server by using the following discov - Transparent proxy - Manual static proxy configuration -If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. +If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md). ## Validating cloud connectivity
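Review bot: In the linux-install-manually.md hunk, the image link now points to images/atp-portal-onboarding-win-intune.png, but the diffstat lists only three Markdown files and no rename of the PNG, so the link will break unless the lower-case file already exists under images/. Include the image rename in this commit or confirm the target is present. Separately, the unchanged context in this hunk still tells the reader to select **Windows 10** and **Mobile Device Management / Microsoft Intune** on a Linux manual-install page, which is worth checking while this step is being touched.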
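Review bot: In the new linux-static-proxy-configuration.md, the code samples use typographic quotes (for example HTTPS_PROXY=”http://proxy.server:port/”, and the apt install line opens with ” and closes with "), so a value copied from them carries the curly-quote characters into /etc/environment, the shell, or the unit file; replace them with straight ASCII quotes throughout, including the #Environment=HTTPS_PROXY=... line. The post-installation section also has readers edit /lib/systemd/system/mdatp.service directly; that path is package-owned and a package upgrade can overwrite the edit, so consider documenting a systemd drop-in instead (systemctl edit mdatp, which writes under /etc/systemd/system/mdatp.service.d/). Wording: "this is mean to be" should read "meant", "either of which needs to the following line" is missing "contain", and the second bullet describes Acquire::https::Proxy as the HTTPS_PROXY variable although it is an APT setting.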
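Review bot: In the deployment-methods list of microsoft-defender-atp-linux.md (hunk at -41,11), the context line directly under the reordered entries still reads "Ansbile"; since this hunk rearranges that list, fix the spelling to "Ansible" in the same change.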
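Review bot: In the proxy section of microsoft-defender-atp-linux.md (hunk at -79,7), the added sentence links to the new page as "Manual Static Proxy Configuration", while the list item two lines above reads "Manual static proxy configuration" and the new page is titled "Configuring Microsoft Defender ATP for static proxy discovery"; use one name in sentence case so readers can match the link to the page. "For static proxy, follow the steps" would also read better as "For a static proxy, follow the steps".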