diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_win_intune.png b/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_win_intune.png new file mode 100644 index 0000000000..f5c2853226 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/ATP_Portal_Onboarding_win_intune.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md index 5cd69d9301..9cd981bd65 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md @@ -25,8 +25,9 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) This topic describes how to deploy Microsoft Defender ATP for Linux through Puppet. A successful deployment requires the completion of all of the following steps: -- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) -- [Create Puppet policies](#create-jamf-policies) + +- [Download installation and onboarding packages](#download-onboarding-package) +- [Create Puppet manifest](#create-puppet-manifest) - [Client device setup](#client-device-setup) - [Deployment](#deployment) - [Check onboarding status](#check-onboarding-status) 
@@ -48,29 +49,88 @@ Download the onboarding package from Windows Defender Security Center: ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png) 4. From a command prompt, verify that you have the file. - Extract the contents of the .zip file: + Extract the contents of the .zip file and create mdatp_onboard.json file as follows ```bash $ ls -l total 8 -rw-r--r-- 1 test staff 6287 Oct 21 11:22 WindowsDefenderATPOnboardingPackage.zip - $ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py + $ unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' >mdatp_onboard.json ``` -## Create Puppet manifests +## Create Puppet manifest -You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. +You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your puppet server. + +Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions. 
+ +```bash +$ pwd +/etc/puppetlabs/code/environments/production/modules + +$ tree install_mdatp +install_mdatp +├── files +│   └── mdatp_onboard.json +└── manifests + └── init.pp +``` + +Contents of *install_mdatp/manifests/init.pp* + +```puppet +class install_mdatp { + + if ($osfamily == 'Debian') { + apt::source { 'microsoftpackages' : + location => 'https://packages.microsoft.com/ubuntu/18.04/prod', # change the version based on your OS + release => 'stable', + repos => 'main', + key => { + 'id' => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF', + 'server' => 'https://packages.microsoft.com/keys/microsoft.asc', + }, + } + } + else { + yumrepo { 'microsoftpackages' : + baseurl => 'https://packages.microsoft.com/rhel/7/prod', # change the version based on your OS + enabled => 1, + gpgcheck => 1, + gpgkey => 'https://packages.microsoft.com/keys/microsoft.asc' + } + } + + package { 'mdatp': + ensure => 'installed', + } + + file { ['/etc', '/etc/opt', '/etc/opt/microsoft', '/etc/opt/microsoft/mdatp']: + ensure => directory, + } + file { '/etc/opt/microsoft/mdatp/mdatp_onboard.json': + mode => "0644", + source => 'puppet:///modules/install_mdatp/mdatp_onboard.json', + } +} +``` ## Deployment +Include the above manifest in your site.pp file. + +```bash +$ cat /etc/puppetlabs/code/environments/production/manifests/site.pp +node "default" { + include install_mdatp +} +``` + Enrolled agent devices periodically poll the Puppet Server, and install new configuration profiles and policies as soon as they are detected. ## Monitoring puppet deployment - -You can also check the onboarding status: +On the agent machine, you can also check the onboarding status by running: ```bash $ mdatp --health 
@@ -95,6 +155,7 @@ $ mdatp --health healthy The above command prints "1" if the product is onboarded and functioning as expected. If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem: + - 1 if the device is not yet onboarded - 3 if the connection to the daemon cannot be established—for example, if the daemon is not running @@ -104,3 +165,12 @@ See [Logging installation issues](microsoft-defender-atp-linux-resources.md#logg ## Uninstallation +Create a module *remove_mdatp* similar to *install_mdatp* with following contents in *init.pp* file + +```bash +class remove_mdatp { + package { 'mdatp': + ensure => 'purged', + } +} +```
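Review bot: In the first hunk (the step list, `@@ -25,8 +25,9 @@`), the first bullet still reads "Download installation and onboarding packages" while its anchor is now `#download-onboarding-package`; reword the link text to match the heading it targets so the list and the section title agree. The unchanged bullet `[Check onboarding status](#check-onboarding-status)` deserves the same check, because the only status heading visible in this patch is `## Monitoring puppet deployment`; if no heading named "Check onboarding status" exists in the file, that anchor will not resolve.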
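Review bot: In the `apt::source` block of `init.pp` (hunk `@@ -48,29 +49,88 @@`), the key hash passes the key file URL as `'server' => 'https://packages.microsoft.com/keys/microsoft.asc'`; in the puppetlabs apt module `server` names a keyserver, and the location of a key file belongs in `source`, so this entry should be `'source' => 'https://packages.microsoft.com/keys/microsoft.asc'` next to the `id`. Two further points in the same hunk: the prose says to copy "the mdatp.json file created in above step", but the file created earlier and referenced by the manifest is `mdatp_onboard.json`, so the name in the sentence should be corrected (and "Create a folders" should read "Create the folders"). In the onboarding one-liner, `"\n".join(sys.stdin.readlines())` inserts an extra newline after every line because `readlines()` keeps each line's terminator; `sys.stdin.read()` would preserve the extracted content unchanged.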
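Review bot: The Uninstallation section (last hunk, `@@ -104,3 +165,12 @@`) does not say how `remove_mdatp` is applied: both `install_mdatp` and `remove_mdatp` declare `package { 'mdatp': ... }`, so a node that still has `include install_mdatp` in `site.pp` cannot also include the new class without a duplicate resource declaration. Add a sentence telling the reader to replace `include install_mdatp` with `include remove_mdatp` in `site.pp`, mirroring the Deployment section. The code fence here is tagged `bash` although the content is a Puppet class; tag it `puppet` as the `init.pp` block above does, and end the introductory sentence with a colon or period.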