Onboard Linux Agent
Onboard MDE sensor
(Rocky Linux in this example)
Download the onboarding package from security.microsoft.com
Transfer it to the machine
Download the installer script from https://github.com/microsoft/mdatp-xplat/tree/master/linux/installation
sudo dnf install yum-utils -y
sudo ./mde_installer.sh --install --channel prod --onboard MicrosoftDefenderATPOnboardingLinuxServer.py --tag GROUP MGMT --min_req -y
# Check health status (should return true)
mdatp health --field healthy
# Enable Realtime protection
mdatp config real-time-protection --value enabled
# Check if enabled
mdatp health --field real_time_protection_enabled
# Enable PUA Protection, Available actions: off, audit, block. Default Audit.
mdatp threat policy set --type potentially_unwanted_application --action block
# Enable behavioural monitoring
mdatp config behavior_monitoring --value enabled
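A post-onboarding check built on the two `mdatp health --field` queries above, suitable for running from a provisioning job so a host that failed to onboard is flagged instead of silently left unprotected. This is an added example, not part of the original page or Microsoft's tooling; the function names and the `MDATP_BIN` override are hypothetical.

```shell
#!/bin/sh
# Added example: verify the sensor state after onboarding.
# MDATP_BIN is a hypothetical override (not an mdatp feature) so the
# check can be pointed at a stub when testing the script itself.
MDATP_BIN="${MDATP_BIN:-mdatp}"

# Print one health field with whitespace and double quotes stripped.
# Errors from mdatp are discarded, so a failed query yields an empty string.
mde_field() {
    "$MDATP_BIN" health --field "$1" 2>/dev/null | tr -d ' "\r\n'
}

# Returns 0 when every expected field matches, 1 when any field differs
# or produces no output, 2 when the mdatp command cannot be found.
check_mde_onboarding() {
    if ! command -v "$MDATP_BIN" >/dev/null 2>&1; then
        echo "FAIL: $MDATP_BIN not found (sensor not installed?)" >&2
        return 2
    fi
    result=0
    # field=expected pairs; both fields are the ones queried on this page.
    for pair in healthy=true real_time_protection_enabled=true; do
        field=${pair%%=*}
        want=${pair#*=}
        got=$(mde_field "$field")
        if [ "$got" = "$want" ]; then
            echo "OK:   $field=$got"
        else
            echo "FAIL: $field=${got:-<no output>} (expected $want)" >&2
            result=1
        fi
    done
    return "$result"
}
```

Source the file and call `check_mde_onboarding`; a non-zero exit status can fail the provisioning step.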