How to Install Microsoft Defender for Endpoint on Ubuntu Linux

By Richard August 22, 2022 2 Min Read

Last Updated: August 22, 2022

Preface

I am going to be installing Microsoft Defender for Endpoint onto an Ubuntu 22.04.01 machine.

Prerequisites

Download the OnBoarding Linux Script
Ability to elevate to sudo account

Install the following packages onto the machine

sudo apt-get update
sudo apt-get install curl
sudo apt-get install libplist-utils
sudo apt-get install apt-transport-https
sudo apt-get install gpg
sudo apt-get install ntp

Configure your local timezone by following the prompts

sudo dpkg-reconfigure tzdata

Configure Ubuntu to use the Microsoft Repository Source

https://packages.microsoft.com/config/ubuntu/22.04/prod.list
https://packages.microsoft.com/config/ubuntu/21.10/prod.list
https://packages.microsoft.com/config/ubuntu/21.04/prod.list

Find out other available versions here:
https://packages.microsoft.com/config/ubuntu/

curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/22.04/prod.list
sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list

Install the Microsoft Decryption GPG Key

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/

Install the Microsoft Defender for Endpoint Linux Agent

In previous steps you added a custom Microsoft Repository source. You now need re-run the following command to make sure your Ubuntu machine is aware of new available packages.

sudo apt-get update

Now install the MDATP client by running

sudo apt-get install mdatp

Activate Microsoft Defender for Endpoint Linux Agent

In a previous step you downloaded the “MicrosoftDefenderATPOnBoarding.zip” for Linux file from your https://security.microsoft.com console.

Unzip and copy over the file MicrosoftDefenderATPOnboardingLinuxServer.py to your preferred location.

Run the script to activate Microsoft Defender for Endpoint Linux Agent

python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Test Microsoft Defender for Endpoint Linux Agent

mdatp connectivity test
mdatp definitions update
mdatp health
reboot now

Great Job, the agent should start uploading telemetry to your console.

How to Install Microsoft Defender for Endpoint on Ubuntu Linux

Prerequisites

Configure Ubuntu to use the Microsoft Repository Source

Install the Microsoft Decryption GPG Key

Install the Microsoft Defender for Endpoint Linux Agent

Activate Microsoft Defender for Endpoint Linux Agent

Test Microsoft Defender for Endpoint Linux Agent

How to configure, manage and enable IE Mode for MS Edge. The missing guide.

How to fix VMware Windows bluescreen stop error code 0xc00002e2

Why authenticated vulnerability scans are important and when to use non-authenticated scans.

A Good Security Operations Center (SOC) should be enriching raw security telemetry and not just alerts.