Preface
I am going to be installing Microsoft Defender for Endpoint onto an Ubuntu 22.04.01 machine.
Prerequisites
- Download the OnBoarding Linux Script
- Ability to elevate to sudo account
Install the following packages onto the machine
sudo apt-get update
sudo apt-get install curl
sudo apt-get install libplist-utils
sudo apt-get install apt-transport-https
sudo apt-get install gpg
sudo apt-get install ntp
Configure your local timezone by following the prompts
sudo dpkg-reconfigure tzdata
Configure Ubuntu to use the Microsoft Repository Source
https://packages.microsoft.com/config/ubuntu/22.04/prod.list
https://packages.microsoft.com/config/ubuntu/21.10/prod.list
https://packages.microsoft.com/config/ubuntu/21.04/prod.list
Find out other available versions here:
https://packages.microsoft.com/config/ubuntu/
curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/22.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
Install the Microsoft GPG Signing Key
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/
Install the Microsoft Defender for Endpoint Linux Agent
In previous steps you added a custom Microsoft Repository source. You now need to re-run the following command to make sure your Ubuntu machine is aware of the newly available packages.
sudo apt-get update
Now install the MDATP client by running
sudo apt-get install mdatp
Activate Microsoft Defender for Endpoint Linux Agent
In a previous step you downloaded the “MicrosoftDefenderATPOnBoarding.zip” file for Linux from your https://security.microsoft.com console.
Unzip and copy over the file MicrosoftDefenderATPOnboardingLinuxServer.py to your preferred location.
Run the script to activate Microsoft Defender for Endpoint Linux Agent
python3 MicrosoftDefenderATPOnboardingLinuxServer.py
Test Microsoft Defender for Endpoint Linux Agent
mdatp connectivity test
mdatp definitions update
mdatp health
reboot now
Great Job, the agent should start uploading telemetry to your console.
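The test step above can be turned into a pass/fail check. This is an added example, not part of the original post or of Microsoft's tooling: a shell function that reads `mdatp health` output and reports fields that do not match what an onboarded agent should show. The expected values and both sample outputs are assumptions constructed for illustration.

```bash
# Added example: evaluate `mdatp health` output after onboarding.
# Assumption: a ready agent reports these values (key=expected).
EXPECTED="healthy=true licensed=true definitions_status=up_to_date"

# Reads `mdatp health` text on stdin, prints one line per failing field,
# returns 0 when every expectation holds and 1 otherwise.
check_mdatp_health() {
  local input pair key want got rc=0
  input=$(cat)
  for pair in $EXPECTED; do
    key=${pair%%=*}
    want=${pair#*=}
    # Lines look like "key   : value"; the value may be double-quoted.
    got=$(printf '%s\n' "$input" | awk -F':' -v k="$key" '
      { f = $1; gsub(/[ \t]/, "", f) }
      f == k { v = $0; sub(/^[^:]*:[ \t]*/, "", v)
               gsub(/[" \t\r]/, "", v); print v; exit }')
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: expected '$want', got '${got:-<missing>}'"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample: agent installed and onboarded.
SAMPLE_OK='healthy                      : true
licensed                     : true
real_time_protection_enabled : false
definitions_status           : "up_to_date"'

# Constructed sample: package installed, onboarding script not yet run.
SAMPLE_NOT_ONBOARDED='healthy                      : false
licensed                     : false
real_time_protection_enabled : false
definitions_status           : "up_to_date"'

# Demo on the constructed sample.
# On a real host: mdatp health | check_mdatp_health
printf '%s\n' "$SAMPLE_NOT_ONBOARDED" | check_mdatp_health || echo "agent not ready"
```

A missing field is treated as a failure, so empty output (for example when the mdatp service is not running) does not pass silently.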