Merge pull request #2217 from MicrosoftDocs/user/tudobril/linux-manual-fix

Add sudo to apt-key & guidance for validating the managed config
Tina Burden 2020-03-06 08:40:11 -08:00 committed by GitHub
commit f3a44eafcf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 5 deletions

@ -153,7 +153,7 @@ In order to preview new features and provide early feedback, it is recommended t
- Install the Microsoft GPG public key:
```bash
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
```
- Install the https driver if it's not already present:
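Review bot: On the `curl ... | sudo apt-key add -` line, curl runs without `--fail`, so if the download returns an HTTP error, the error body is what gets piped into `apt-key` under sudo. Suggest `curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -`, and consider documenting the expected key fingerprint next to this step so readers can confirm which key they have just trusted.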

@ -35,7 +35,7 @@ This topic describes the structure of this profile (including a recommended prof
The configuration profile is a .json file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can be simple, such as a numerical value, or complex, such as a nested list of preferences.
Typically, you would use a configuration management tool to push a file with the name ```mdatp_maanged.json``` at the location ```/etc/opt/microsoft/mdatp/managed/```.
Typically, you would use a configuration management tool to push a file with the name ```mdatp_managed.json``` at the location ```/etc/opt/microsoft/mdatp/managed/```.
The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
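Review bot: The sentence that tells readers to push `mdatp_managed.json` to `/etc/opt/microsoft/mdatp/managed/` says nothing about the ownership or mode the file should have. Since this file carries product-wide preferences, it would help to state that it should be writable only by root. Minor style point on the same line: the file name and path are wrapped in triple backticks inline, where single backticks are enough, and "at the location" reads better as "to".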
@ -51,7 +51,7 @@ The *antivirusEngine* section of the configuration profile is used to manage the
#### Enable / disable real-time protection
Detemines whether real-time protection (scan files as they are accessed) is enabled or not.
Determines whether real-time protection (scan files as they are accessed) is enabled or not.
|||
|:---|:---|
@ -61,7 +61,7 @@ Detemines whether real-time protection (scan files as they are accessed) is enab
#### Enable / disable passive mode
Detemines whether the antivirus engine runs in passive mode or not. In passive mode:
Determines whether the antivirus engine runs in passive mode or not. In passive mode:
- Real-time protection is turned off.
- On-demand scanning is turned on.
- Automatic threat remediation is turned off.
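Review bot: The passive mode list states that real-time protection and automatic threat remediation are turned off, but nothing marks this as a setting that reduces protection. Consider a short callout under the heading, in the same `>[!CAUTION]` style the docs already use, making explicit that enabling passive mode disables both.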
@ -351,6 +351,16 @@ The following configuration profile contains entries for all settings described
}
```
## Configuration profile validation
The configuration profile must be a valid JSON-formatted file. There are a number of tools that can be used to verify this. For example, if you have `python` installed on your device:
```bash
$ python -m json.tool mdatp_managed.json
```
If the JSON is well-formed, the above command outputs it back to the Terminal and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
## Configuration profile deployment
Once you've built the configuration profile for your enterprise, you can deploy it through the management tool that your enterprise is using. Microsoft Defender ATP for Linux reads the managed configuration from the */etc/opt/microsoft/mdatp/managed/mdatp_managed.json* file.
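Review bot: The new "Configuration profile validation" section presents `python -m json.tool` as verifying the profile, but it only checks JSON syntax: a misspelled preference key or a value of the wrong type still exits with `0`. Suggest adding a sentence such as "This checks that the file is well-formed JSON; it does not check preference names or values." Two smaller points: the `$ ` prompt inside the `bash` block gets in the way of copy and paste, and it is worth mentioning `python3 -m json.tool` for devices where the interpreter is installed under that name.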

@ -730,13 +730,24 @@ The following configuration profile contains entries for all settings described
</array>
```
## Configuration profile validation
The configuration profile must be a valid *.plist* file. This can be checked by executing:
```bash
$ plutil -lint com.microsoft.wdav.plist
com.microsoft.wdav.plist: OK
```
If the configuration profile is well-formed, the above command outputs `OK` and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
## Configuration profile deployment
Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune.
### JAMF deployment
From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with `com.microsoft.wdav` as the preference domain and upload the .plist produced earlier.
From the JAMF console, open **Computers** > **Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**. Create an entry with `com.microsoft.wdav` as the preference domain and upload the *.plist* produced earlier.
>[!CAUTION]
>You must enter the correct preference domain (`com.microsoft.wdav`); otherwise, the preferences will not be recognized by Microsoft Defender ATP.
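Review bot: In the added validation section, `plutil -lint` printing `OK` only means the plist is well-formed; as the CAUTION at the end of this hunk says, preferences entered under a domain other than `com.microsoft.wdav` are still not recognized. Suggest one sentence in the validation section saying the lint does not check the preference domain or the keys. The `bash` block also mixes the command with its output line `com.microsoft.wdav.plist: OK`; either drop the output or move it to a separate block so the fence contains only what the reader types.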