Updated documentation for deployment via puppet

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-linux-install-with-puppet.md

@@ -25,8 +25,9 @@ ms.topic: conceptual
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
 
 This topic describes how to deploy Microsoft Defender ATP for Linux through Puppet. A successful deployment requires the completion of all of the following steps:
-- [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
+
-- [Create Puppet policies](#create-jamf-policies)
+- [Download installation and onboarding packages](#download-onboarding-package)
+- [Create Puppet manifest](#create-puppet-manifest)
 - [Client device setup](#client-device-setup)
 - [Deployment](#deployment)
 - [Check onboarding status](#check-onboarding-status)
@@ -48,29 +49,88 @@ Download the onboarding package from Windows Defender Security Center:
     ![Windows Defender Security Center screenshot](images/ATP_Portal_Onboarding_page.png)
 
 4. From a command prompt, verify that you have the file.
-    Extract the contents of the .zip file:
+    Extract the contents of the .zip file and create mdatp_onboard.json file as follows
   
     ```bash
     $ ls -l
     total 8
     -rw-r--r-- 1 test  staff  6287 Oct 21 11:22 WindowsDefenderATPOnboardingPackage.zip
-    $ unzip WindowsDefenderATPOnboardingPackage.zip
+    $ unzip -p WindowsDefenderATPOnboardingPackage.zip | python -c 'import sys,json;data={"onboardingInfo":"\n".join(sys.stdin.readlines())};print(json.dumps(data));' >mdatp_onboard.json
-    Archive:  WindowsDefenderATPOnboardingPackage.zip
-    inflating: WindowsDefenderATPOnboarding.py
     ```
 
-## Create Puppet manifests
+## Create Puppet manifest
 
-You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server.
+You need to create a puppet manifest for deploying Microsoft Defender ATP for Linux to devices managed by puppet server. This example makes use of *apt* module available from puppetlabs and assumes that apt module has been installed on your puppet server.
+
+Create a folders *install_mdatp/files* and *install_mdatp/manifests* under the modules folder of your puppet installation. This typically is located in */etc/puppetlabs/code/environments/production/modules* on your puppet server. Copy the mdatp.json file created in above step to *install_mdatp/files* folder. Create *init.pp* file which will contain the deployment instructions.
+
+```bash
+$ pwd
+/etc/puppetlabs/code/environments/production/modules
+
+$ tree install_mdatp
+install_mdatp
+├── files
+│   └── mdatp_onboard.json
+└── manifests
+    └── init.pp
+```
+
+Contents of *install_mdatp/manifests/init.pp*
+
+```puppet
+class install_mdatp {
+
+    if ($osfamily == 'Debian') {
+        apt::source { 'microsoftpackages' :
+            location => 'https://packages.microsoft.com/ubuntu/18.04/prod', # change the version based on your OS 
+            release  => 'stable',
+            repos    => 'main',
+            key      => {
+                'id'     => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF',
+                'server' => 'https://packages.microsoft.com/keys/microsoft.asc',
+            },
+        }
+    }
+    else {
+        yumrepo { 'microsoftpackages' :
+            baseurl  => 'https://packages.microsoft.com/rhel/7/prod', # change the version based on your OS 
+            enabled  => 1,
+            gpgcheck => 1,
+            gpgkey   => 'https://packages.microsoft.com/keys/microsoft.asc'
+        }
+    }
+
+    package { 'mdatp':
+        ensure => 'installed',
+    }
+
+    file { ['/etc', '/etc/opt', '/etc/opt/microsoft', '/etc/opt/microsoft/mdatp']:
+        ensure => directory,
+    }
+    file { '/etc/opt/microsoft/mdatp/mdatp_onboard.json':
+        mode => "0644",
+        source => 'puppet:///modules/install_mdatp/mdatp_onboard.json',
+    }
+}
+```
 
 ## Deployment
 
+Include the above manifest in your site.pp file.
+
+```bash
+$ cat /etc/puppetlabs/code/environments/production/manifests/site.pp
+node "default" {
+    include install_mdatp
+}
+```
+
 Enrolled agent devices periodically poll the Puppet Server, and install new configuration profiles and policies as soon as they are detected.
 
 ## Monitoring puppet deployment
 
-
+On the agent machine, you can also check the onboarding status by running:
-You can also check the onboarding status:
 
 ```bash
 $ mdatp --health
@@ -95,6 +155,7 @@ $ mdatp --health healthy
 The above command prints "1" if the product is onboarded and functioning as expected.
 
 If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem:
+
 - 1 if the device is not yet onboarded
 - 3 if the connection to the daemon cannot be established—for example, if the daemon is not running
 
@@ -104,3 +165,12 @@ See [Logging installation issues](microsoft-defender-atp-linux-resources.md#logg
 
 ## Uninstallation
 
+Create a module *remove_mdatp* similar to *install_mdatp* with following contents in *init.pp* file
+
+```bash
+class remove_mdatp {
+    package { 'mdatp':
+        ensure => 'purged',
+    }
+}
+```