© 2021 www.richardwalz.com
Richard Walz
All rights reserved.

How to Install Microsoft Defender for Endpoint on Ubuntu Linux

Preface

I am going to be installing Microsoft Defender for Endpoint onto an Ubuntu 22.04.01 machine.

Prerequisites

  • Download the Linux onboarding script
  • Ability to elevate privileges with sudo

Install the following packages onto the machine

sudo apt-get update
sudo apt-get install curl
sudo apt-get install libplist-utils
sudo apt-get install apt-transport-https
sudo apt-get install gpg
sudo apt-get install ntp

Configure your local timezone by following the prompts

sudo dpkg-reconfigure tzdata

Configure Ubuntu to use the Microsoft Repository Source

Use the prod.list that matches your Ubuntu release:

https://packages.microsoft.com/config/ubuntu/22.04/prod.list
https://packages.microsoft.com/config/ubuntu/21.10/prod.list
https://packages.microsoft.com/config/ubuntu/21.04/prod.list

Lists for other versions are available here:
https://packages.microsoft.com/config/ubuntu/

curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/22.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list

Install the Microsoft Package Signing GPG Key

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/

Install the Microsoft Defender for Endpoint Linux Agent

In previous steps you added a custom Microsoft repository source. You now need to re-run the following command so that your Ubuntu machine is aware of the newly available packages.

sudo apt-get update

Now install the MDATP client by running

sudo apt-get install mdatp

Activate Microsoft Defender for Endpoint Linux Agent

In a previous step you downloaded the Linux onboarding package “MicrosoftDefenderATPOnBoarding.zip” from your https://security.microsoft.com console.

Unzip and copy over the file MicrosoftDefenderATPOnboardingLinuxServer.py to your preferred location.

Run the script to activate Microsoft Defender for Endpoint Linux Agent

sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Test Microsoft Defender for Endpoint Linux Agent

mdatp connectivity test
mdatp definitions update
mdatp health
sudo reboot now

Great job! The agent should start uploading telemetry to your console.
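
The mdatp health step above can also be checked by a script rather than read by eye, so that a deployment script fails when the agent is not ready. This is an added example, not part of the original post or Microsoft's tooling; the sample output is constructed, and the function names, the set of required field values and the handling of a trailing [managed] marker are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check `mdatp health` output in a script.

# Constructed sample in the "key : value" layout that mdatp health prints.
SAMPLE_HEALTH='healthy                        : true
licensed                       : true
org_id                         : "00000000-0000-0000-0000-000000000000"
real_time_protection_enabled   : false [managed]
definitions_status             : "up_to_date"'

# Assumption: these field values are what "ready" means on this host.
EXPECTED="healthy=true licensed=true real_time_protection_enabled=true definitions_status=up_to_date"

# health_field KEY: print KEY's value from health text on stdin (empty if absent).
health_field() {
    awk -v key="$1" '{
        i = index($0, ":")
        if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k)
        if (k != key) next
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        sub(/[ \t]*\[managed\]$/, "", v)   # marker on centrally managed settings
        gsub(/"/, "", v)                   # string values are quoted
        print v
        exit
    }'
}

# check_mdatp_health: read health text on stdin, print one FAIL line per field
# that is missing or has an unexpected value, return 1 if any field failed.
check_mdatp_health() (
    text=$(cat)
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$text" | health_field "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', got '${got:-<missing>}'"
            rc=1
        fi
    done
    return "$rc"
)

# Demo on the constructed sample; on a real host use: mdatp health | check_mdatp_health
printf '%s\n' "$SAMPLE_HEALTH" | check_mdatp_health || echo "agent not ready"
```

On the constructed sample the check fails on real_time_protection_enabled only; adjust EXPECTED if your policy deliberately runs the agent with different settings.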