diff --git a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md index 6e470cda3f..0f89c94b76 100644 --- a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md +++ b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md @@ -14,7 +14,7 @@ ms.collection: - demo ms.topic: article ms.subservice: asr -ms.date: 02/16/2024 +ms.date: 10/11/2024 --- # Controlled folder access (CFA) demonstrations (block ransomware) @@ -44,10 +44,10 @@ Set-MpPreference -ControlledFolderAccessProtectedFolders C:\demo\ ## Rule states |State | Mode| Numeric value | -|:---|:---|:---| -| Disabled | = Off | 0 | -| Enabled | = Block mode | 1 | -| Audit | = Audit mode | 2 | +|---|---|---| +| Disabled | Off | 0 | +| Enabled | Block mode | 1 | +| Audit | Audit mode | 2 | ## Verify configuration 
@@ -63,65 +63,86 @@ Get-MpPreference ### Setup -Download and run this [setup script](https://demo.wd.microsoft.com/Content/CFA_SetupScript.zip). Before running the script set execution policy to Unrestricted using this PowerShell command: +Download and run this [setup script](https://demo.wd.microsoft.com/Content/CFA_SetupScript.zip). Before running the script, set execution policy to `Unrestricted` by using this PowerShell command: ```powershell Set-ExecutionPolicy Unrestricted ``` -You can perform these manual steps instead: +Or, you can perform these manual steps instead: -1. Create a folder under c: named demo, "c:\demo". +1. Create a folder under `c:` named `demo`, as in `c:\demo`. -2. Save this [clean file](https://demo.wd.microsoft.com/Content/testfile_safe.txt) into c:\demo (we need something to encrypt). +2. Save this [clean file](https://demo.wd.microsoft.com/Content/testfile_safe.txt) into `c:\demo` (we need something to encrypt). -3. Execute PowerShell commands listed earlier in this article. +3. Run the PowerShell commands listed earlier in this article. + +Next, check that status of the *Aggressive Ransomware Prevention* ASR rule and disable it for the duration of this test if it's enabled: -### Scenario 1: CFA blocks ransomware test file -1. Turn on CFA using PowerShell command: - ```powershell -Set-MpPreference -EnableControlledFolderAccess Enabled +$idx = $(Get-MpPreference).AttackSurfaceReductionRules_Ids.IndexOf("C1DB55AB-C21A-4637-BB3F-A12568109D35") +if ($idx -ge 0) {Write-Host "Rule Status: " $(Get-MpPreference).AttackSurfaceReductionRules_Actions[$idx]} else {Write-Host "Rule does not exist on this machine"} ``` -2. 
Add the demo folder to protected folders list using PowerShell command: +If the rule exists and the status is `1 (Enabled)` or `6 (Warn)`, it must be disabled to run this test: ```powershell -Set-MpPreference -ControlledFolderAccessProtectedFolders C:\demo\ +Add-MpPreference -AttackSurfaceReductionRules_Ids C1DB55AB-C21A-4637-BB3F-A12568109D35 -AttackSurfaceReductionRules_Actions Disabled ``` -3. Download the ransomware [test file](https://demo.wd.microsoft.com/Content/ransomware_testfile_unsigned.exe) -4. Execute the ransomware test file *this isn't ransomware, it simple tries to encrypt c:\demo +### Scenario 1: CFA blocks ransomware test file + +1. Turn on CFA using PowerShell command: + + ```powershell + Set-MpPreference -EnableControlledFolderAccess Enabled + ``` + +2. Add the demo folder to protected folders list using PowerShell command: + + ```powershell + Set-MpPreference -ControlledFolderAccessProtectedFolders C:\demo\ + ``` + +3. Download the ransomware [test file](https://demo.wd.microsoft.com/Content/ransomware_testfile_unsigned.exe). + +4. Execute the ransomware test file. Note that it isn't ransomware; it simply tries to encrypt `c:\demo`. #### Scenario 1 expected results -5 seconds after executing the ransomware test file you should see a notification CFA blocked the encryption attempt. +About five seconds after executing the ransomware test file, you should see a notification that CFA blocked the encryption attempt. ### Scenario 2: What would happen without CFA 1. Turn off CFA using this PowerShell command: -```powershell -Set-MpPreference -EnableControlledFolderAccess Disabled -``` + ```powershell + Set-MpPreference -EnableControlledFolderAccess Disabled + ``` -2. Execute the ransomware [test file](https://demo.wd.microsoft.com/Content/ransomware_testfile_unsigned.exe) +2. Execute the ransomware [test file](https://demo.wd.microsoft.com/Content/ransomware_testfile_unsigned.exe). 
#### Scenario 2 expected results -- The files in c:\demo are encrypted and you should get a warning message +- The files in `c:\demo` are encrypted and you should get a warning message - Execute the ransomware test file again to decrypt the files ## Clean-up -Download and run this [cleanup script](https://demo.wd.microsoft.com/Content/ASR_CFA_CleanupScript.zip). You can perform these manual steps instead: +1. Download and run this [cleanup script](https://demo.wd.microsoft.com/Content/ASR_CFA_CleanupScript.zip). You can perform these manual steps instead: -```powershell -Set-MpPreference -EnableControlledFolderAccess Disabled -``` + ```powershell + Set-MpPreference -EnableControlledFolderAccess Disabled + ``` + +2. Clean up `c:\demo` encryption by using the [encrypt/decrypt file](https://demo.wd.microsoft.com/Content/ransomware_cleanup_encrypt_decrypt.exe) + +3. If the *Aggressive Ransomware Prevention* ASR rule was enabled and you disabled it at the beginning of this test, enable it again: -Clean up c:\demo encryption by using the [encrypt/decrypt file](https://demo.wd.microsoft.com/Content/ransomware_cleanup_encrypt_decrypt.exe) + ```powershell + Add-MpPreference -AttackSurfaceReductionRules_Ids C1DB55AB-C21A-4637-BB3F-A12568109D35 -AttackSurfaceReductionRules_Actions Enabled + ``` ## See also diff --git a/defender-endpoint/device-control-policies.md b/defender-endpoint/device-control-policies.md index d2398dd9a1..59b8ed9557 100644 --- a/defender-endpoint/device-control-policies.md +++ b/defender-endpoint/device-control-policies.md @@ -4,7 +4,7 @@ description: Learn about Device control policies in Defender for Endpoint author: denisebmsft ms.author: deniseb manager: deniseb -ms.date: 09/18/2024 +ms.date: 10/11/2024 ms.topic: overview ms.service: defender-endpoint ms.subservice: asr @@ -136,7 +136,7 @@ The following code snippet shows the syntax for a device control policy rule in {3f5253e4-0e73-4587-bb9e-bb29a2171695} - + ... 
diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index 5c893303c5..7b9f4a7b8e 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md @@ -15,15 +15,15 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Deploy Defender for Endpoint on Linux with Chef **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR [!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)] diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md index 9f95385a71..c14fb7b48b 100644 --- a/defender-endpoint/linux-exclusions.md +++ b/defender-endpoint/linux-exclusions.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 07/31/2024 +ms.date: 10/11/2024 --- # Configure and validate exclusions for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 07/31/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) 
@@ -141,7 +140,7 @@ For more information, see [Set preferences for Defender for Endpoint on Linux](l Run the following command to see the available switches for managing exclusions: > [!NOTE] -> `--scope` is an optional flag with accepted value as `epp` or `global`. It provides the same scope used while adding the exclusion to remove the same exclusion. In the command line approach, if the scope isn’t mentioned, the scope value is set as `epp`. +> `--scope` is an optional flag with accepted value as `epp` or `global`. It provides the same scope used while adding the exclusion to remove the same exclusion. In the command line approach, if the scope isn't mentioned, the scope value is set as `epp`. > Exclusions added through CLI before the introduction of `--scope` flag remain unaffected and their scope is considered `epp`. ```bash diff --git a/defender-endpoint/linux-install-manually.md b/defender-endpoint/linux-install-manually.md index 7bb0dd1417..1c579463d5 100644 --- a/defender-endpoint/linux-install-manually.md +++ b/defender-endpoint/linux-install-manually.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 08/01/2024 +ms.date: 10/11/2024 --- # Deploy Microsoft Defender for Endpoint on Linux manually @@ -24,9 +24,8 @@ ms.date: 08/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md index 012590641e..78b3ae76bf 100644 
--- a/defender-endpoint/linux-install-with-ansible.md +++ b/defender-endpoint/linux-install-with-ansible.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 09/19/2024 +ms.date: 10/11/2024 --- # Deploy Microsoft Defender for Endpoint on Linux with Ansible @@ -24,9 +24,8 @@ ms.date: 09/19/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md index 96a27fe229..afa003a609 100644 --- a/defender-endpoint/linux-install-with-puppet.md +++ b/defender-endpoint/linux-install-with-puppet.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 07/15/2024 +ms.date: 10/11/2024 --- # Deploy Microsoft Defender for Endpoint on Linux with Puppet @@ -25,9 +25,8 @@ ms.date: 07/15/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) 
diff --git a/defender-endpoint/linux-install-with-saltack.md b/defender-endpoint/linux-install-with-saltack.md index 42e191961a..a51e066e70 100644 --- a/defender-endpoint/linux-install-with-saltack.md +++ b/defender-endpoint/linux-install-with-saltack.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 07/15/2024 +ms.date: 10/11/2024 --- # Deploy Microsoft Defender for Endpoint on Linux with Saltstack @@ -24,9 +24,8 @@ ms.date: 07/15/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-preferences.md b/defender-endpoint/linux-preferences.md index c80caa518c..84b1ad4fc7 100644 --- a/defender-endpoint/linux-preferences.md +++ b/defender-endpoint/linux-preferences.md @@ -6,7 +6,7 @@ ms.service: defender-endpoint ms.author: deniseb author: denisebmsft ms.localizationpriority: medium -ms.date: 08/28/2024 +ms.date: 10/11/2024 manager: deniseb audience: ITPro ms.collection: 
@@ -25,9 +25,8 @@ search.appverid: met150 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-privacy.md b/defender-endpoint/linux-privacy.md index cbef2bb3b7..62daf44e90 100644 --- a/defender-endpoint/linux-privacy.md +++ b/defender-endpoint/linux-privacy.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Privacy for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-pua.md b/defender-endpoint/linux-pua.md index aeefebea13..55bce25d52 100644 --- a/defender-endpoint/linux-pua.md +++ b/defender-endpoint/linux-pua.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Linux 
@@ -25,9 +25,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-resources.md b/defender-endpoint/linux-resources.md index f35d5f7e27..73bfd5213b 100644 --- a/defender-endpoint/linux-resources.md +++ b/defender-endpoint/linux-resources.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 10/03/2024 +ms.date: 10/11/2024 --- # Resources @@ -25,9 +25,8 @@ ms.date: 10/03/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-schedule-scan-mde.md b/defender-endpoint/linux-schedule-scan-mde.md index 0db471d8d8..ca5c98019d 100644 --- a/defender-endpoint/linux-schedule-scan-mde.md +++ b/defender-endpoint/linux-schedule-scan-mde.md 
@@ -15,16 +15,15 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Schedule scans with Microsoft Defender for Endpoint (Linux) **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) - +- Microsoft Defender for Servers +- Microsoft Defender XDR To run a scan for Linux, see [Supported Commands](linux-resources.md#supported-commands). diff --git a/defender-endpoint/linux-static-proxy-configuration.md b/defender-endpoint/linux-static-proxy-configuration.md index 135ea57c0c..adab3cf9fc 100644 --- a/defender-endpoint/linux-static-proxy-configuration.md +++ b/defender-endpoint/linux-static-proxy-configuration.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Configure Microsoft Defender for Endpoint on Linux for static proxy discovery @@ -24,9 +24,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-support-connectivity.md b/defender-endpoint/linux-support-connectivity.md index 79b014642d..18976784f9 100644 --- a/defender-endpoint/linux-support-connectivity.md +++ b/defender-endpoint/linux-support-connectivity.md 
@@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-support-ebpf.md b/defender-endpoint/linux-support-ebpf.md index 8088745d32..bd91e9d0ef 100644 --- a/defender-endpoint/linux-support-ebpf.md +++ b/defender-endpoint/linux-support-ebpf.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 09/07/2024 +ms.date: 10/11/2024 --- # Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 09/07/2024 **Applies to:** -- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR - > [!NOTE] > Starting with Defender for Endpoint on Linux, version `101.2408.0000`, AuditD is no longer be supported as a supplementary event provider. For more information, see the FAQs at the end of this article. 
@@ -202,7 +201,7 @@ The extended Berkeley Packet Filter (eBPF) for Microsoft Defender for Endpoint o - Resource Efficiency: eBPF uses fewer resources, which helps maintain system stability even under heavy load conditions. -- Scalability: eBPF’s architecture is more scalable, making it a better choice for environments with growing or complex workloads. +- Scalability: eBPF's architecture is more scalable, making it a better choice for environments with growing or complex workloads. - Modern Technology: eBPF represents a modern, forward-looking technology that aligns with future Linux kernel developments, ensuring better long-term support. diff --git a/defender-endpoint/linux-support-events.md b/defender-endpoint/linux-support-events.md index 58ed63079c..28024f4c8b 100644 --- a/defender-endpoint/linux-support-events.md +++ b/defender-endpoint/linux-support-events.md @@ -16,7 +16,7 @@ ms.custom: admindeeplinkDEFENDER ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux @@ -25,9 +25,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR This article provides some general steps to mitigate missing events or alerts in the Microsoft Defender portal. diff --git a/defender-endpoint/linux-support-install.md b/defender-endpoint/linux-support-install.md index 6cd565f1da..ffc528bb1c 100644 --- a/defender-endpoint/linux-support-install.md +++ b/defender-endpoint/linux-support-install.md 
@@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-support-offline-security-intelligence-update.md b/defender-endpoint/linux-support-offline-security-intelligence-update.md index 86939a40da..c5ec55736b 100644 --- a/defender-endpoint/linux-support-offline-security-intelligence-update.md +++ b/defender-endpoint/linux-support-offline-security-intelligence-update.md @@ -15,7 +15,7 @@ ms.collection: - mde-linux ms.topic: conceptual search.appverid: met150 -ms.date: 08/27/2024 +ms.date: 10/11/2024 --- # Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 08/27/2024 **Applies to:** -- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR This document describes the Offline Security Intelligence Update feature of Microsoft Defender for Endpoint on Linux. 
@@ -177,22 +176,22 @@ Once the Mirror Server is set up, we need to propagate this URL to the Linux end - Use the following sample `mdatp_managed.json` and update the parameters as per the configuration and copy the file to the location `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. -```json -{ - "cloudService": { - "automaticDefinitionUpdateEnabled": true, - "definitionUpdatesInterval": 1202 - }, - "antivirusEngine": { - "offlineDefinitionUpdateUrl": "http://172.22.199.67:8000/linux/production/", - "offlineDefintionUpdateFallbackToCloud":false, - "offlineDefinitionUpdate": "enabled" - }, -"features": { -"offlineDefinitionUpdateVerifySig": "enabled" -} -} -``` + ```json + { + "cloudService": { + "automaticDefinitionUpdateEnabled": true, + "definitionUpdatesInterval": 1202 + }, + "antivirusEngine": { + "offlineDefinitionUpdateUrl": "http://172.22.199.67:8000/linux/production/", + "offlineDefintionUpdateFallbackToCloud":false, + "offlineDefinitionUpdate": "enabled" + }, + "features": { + "offlineDefinitionUpdateVerifySig": "enabled" + } + } + ``` | Field Name | Values | Comments | |-------------------------------------------|----------------------|-----------------------------------------------------| diff --git a/defender-endpoint/linux-support-perf.md b/defender-endpoint/linux-support-perf.md index e910e9ccd7..849786a1cd 100644 --- a/defender-endpoint/linux-support-perf.md +++ b/defender-endpoint/linux-support-perf.md @@ -6,7 +6,7 @@ ms.author: deniseb author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium -ms.date: 05/01/2024 +ms.date: 10/11/2024 manager: deniseb audience: ITPro ms.collection: 
@@ -24,10 +24,8 @@ search.appverid: met150 **Applies to:** -- [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-support-rhel.md b/defender-endpoint/linux-support-rhel.md index 82d04e9492..5a2477db78 100644 --- a/defender-endpoint/linux-support-rhel.md +++ b/defender-endpoint/linux-support-rhel.md @@ -15,7 +15,7 @@ ms.collection: - mde-linux ms.topic: conceptual ms.subservice: linux -ms.date: 05/01/2024 +ms.date: 10/11/2024 --- # Troubleshoot issues for Microsoft Defender for Endpoint on Linux RHEL6 @@ -24,9 +24,8 @@ ms.date: 05/01/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR [!include[Prerelease information](../includes/prerelease.md)] diff --git a/defender-endpoint/linux-update-mde-linux.md b/defender-endpoint/linux-update-mde-linux.md index ad36907588..1c4c54f5a0 100644 --- a/defender-endpoint/linux-update-mde-linux.md +++ b/defender-endpoint/linux-update-mde-linux.md 
@@ -15,15 +15,15 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 01/26/2024 +ms.date: 10/11/2024 --- # Schedule an update of the Microsoft Defender for Endpoint (Linux) **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR To run an update on Microsoft Defender for Endpoint on Linux, see [Deploy updates for Microsoft Defender for Endpoint on Linux](linux-updates.md). diff --git a/defender-endpoint/linux-updates.md b/defender-endpoint/linux-updates.md index 008da06f80..a8bb1ee23d 100644 --- a/defender-endpoint/linux-updates.md +++ b/defender-endpoint/linux-updates.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 07/10/2024 +ms.date: 10/11/2024 --- # Deploy updates for Microsoft Defender for Endpoint on Linux @@ -25,9 +25,8 @@ ms.date: 07/10/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/defender-endpoint/linux-whatsnew.md b/defender-endpoint/linux-whatsnew.md index fce594e31f..86f9a56186 100644 --- a/defender-endpoint/linux-whatsnew.md +++ b/defender-endpoint/linux-whatsnew.md @@ -6,7 +6,7 @@ ms.author: deniseb author: denisebmsft ms.reviewer: kumasumit, gopkr ms.localizationpriority: medium -ms.date: 09/20/2024 +ms.date: 10/11/2024 manager: deniseb audience: ITPro ms.collection: 
@@ -25,8 +25,8 @@ search.appverid: met150 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR This article is updated frequently to let you know what's new in the latest releases of Microsoft Defender for Endpoint on Linux. 
@@ -36,9 +36,9 @@ This article is updated frequently to let you know what's new in the latest rele > [!IMPORTANT] > Starting with version `101.2408.0000`, Microsoft defender for Endpoint for Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. This change allows for better performance, reduced resource consumption, and overall improved stability. eBPF support has been available since August 2023 and is fully integrated into all updates of Defender for Endpoint on Linux (version `101.23082.0006` and later). We strongly encourage you to adopt the eBPF build, as it provides significant enhancements over Auditd. If eBPF is not supported on your machines, or if there are specific requirements to remain on Auditd, you have the following options: > -> 1. Continue to use Defender for Endpoint on Linux build `101.24072.0000` with Auditd. This build will continue to be supported for several months, so you have time to plan and execute your migration to eBPF. +> 1. Continue to use Defender for Endpoint on Linux build `101.24072.0000` with Auditd. This build will continue to be supported for several months, so you have time to plan and execute your migration to eBPF. > -> 2. If you are on versions later than `101.24072.0000`, Defender for Endpoint on Linux relies on `netlink` as a backup supplementary event provider. In the event of a fallback, all process operations continue to flow seamlessly. +> 2. If you are on versions later than `101.24072.0000`, Defender for Endpoint on Linux relies on `netlink` as a backup supplementary event provider. In the event of a fallback, all process operations continue to flow seamlessly. > > Review your current Defender for Endpoint on Linux deployment, and begin planning your migration to the eBPF-supported build. For more information on eBPF and how it works, see [Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-support-ebpf). 
> diff --git a/defender-endpoint/mac-install-with-intune.md b/defender-endpoint/mac-install-with-intune.md index ef59e4905c..ad440980f3 100644 --- a/defender-endpoint/mac-install-with-intune.md +++ b/defender-endpoint/mac-install-with-intune.md @@ -2,9 +2,10 @@ title: Intune-based deployment for Microsoft Defender for Endpoint on Mac description: Install Microsoft Defender for Endpoint on Mac, using Microsoft Intune. ms.service: defender-endpoint -author: YongRhee-MSFT -ms.author: yongrhee +author: denisebmsft +ms.author: deniseb manager: deniseb +ms.reviewer: yongrhee ms.localizationpriority: medium audience: ITPro ms.collection: @@ -14,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: macos search.appverid: met150 -ms.date: 09/12/2024 +ms.date: 10/11/2024 --- # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune @@ -71,11 +72,9 @@ In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2 1. Select **Create**. -1. On the **Basics** tab, **Name** the profile and enter a **Description.** +1. On the **Basics** tab, **Name** the profile and enter a **Description.** Then select **Next**. -1. Select **Next**. - -1. On the **Configuration settings tab,** select **+Add settings.** +1. On the **Configuration settings tab,** select **+ Add settings.** 1. Under **Template name**, select **Extensions**. @@ -85,7 +84,7 @@ In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2 1. Close the Settings picker, and then select **+ Edit instance**. -1. Configure the following entries in the **Allowed system extensions** section: +1. Configure the following entries in the **Allowed system extensions** section, and then select **Next**. |Allowed System Extensions|Team Identifier| |---|---| 
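Review bot: merging "and then select **Next**" into the step "Configure the following entries in the **Allowed system extensions** section" tells the reader to press Next before the table of extensions and team identifiers that immediately follows it (the deleted "Select **Next**" step sat after the screenshot, see the next hunk). Keep the Next instruction after the table, for example as a final step before the **Assignments** tab, so the entries are entered before the page is advanced.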
@@ -94,8 +93,6 @@ In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2 ![Screenshot showing allowed system extensions](media/mac-install-with-intune/image003.png) -1. Select **Next**. - 1. On the **Assignments** tab, assign the profile to a group where the macOS devices or users are located. 1. Review the configuration profile. Select **Create**. @@ -113,27 +110,25 @@ To configure your network filter: 1. Under **Configuration profiles**, select **Create Profile**. -2. Under **Platform**, select **macOS**. - -3. Under **Profile type**, select **Templates**. +1. Under **Platform**, select **macOS**. -4. Under **Template name**, select **Custom**. +1. Under **Profile type**, select **Templates**. -5. Select **Create**. +1. Under **Template name**, select **Custom**. -6. On the **Basics** tab, **Name** the profile. For example, `NetFilter-prod-macOS-Default-MDE`. +1. Select **Create**. -7. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `NetFilter-prod-macOS-Default-MDE`. Then, select **Next**. -8. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `NetFilter-prod-macOS-Default-MDE`. +1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `NetFilter-prod-macOS-Default-MDE`. -9. Choose a Deployment channel and select **Next**. +1. Choose a **Deployment channel** and select **Next**. -10. Select **Next**. +1. Select a **Configuration profile file**, and then select **Next**. -11. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or **All Users** and **All devices**. +1. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or **All Users** and **All devices**. -12. Review the configuration profile. Select **Create**. +1. Review the configuration profile. Select **Create**. ### Step 3: Full Disk Access 
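Review bot: in the network-filter steps the rewritten "1. Choose a **Deployment channel** and select **Next**." is immediately followed by the new "1. Select a **Configuration profile file**, and then select **Next**.", so the reader is told to press Next twice on the Configuration settings tab; in the Intune custom macOS template the profile name, deployment channel and profile file are all entered on that one tab before Next is available. Suggest a single step: "1. Choose a **Deployment channel**, select a **Configuration profile file**, and then select **Next**." The same Next-before-file order is introduced by the "Choose a **Deployment channel** and select **Next**." lines in the Background services, Accessibility, AutoUpdate and onboarding hunks below.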
@@ -154,9 +149,7 @@ To configure Full Disk Access: 1. Under **Template name**, select **Custom**, and then select **Create**. -1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`. - -1. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`. Then select **Next**. 1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `FullDiskAccess-prod-macOS-Default-MDE`. @@ -190,15 +183,11 @@ To configure background services: 1. Select **Create**. -1. On the **Basics** tab, **Name** the profile. For example, `BackgroundServices-prod-macOS-Default-MDE`. - -1. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `BackgroundServices-prod-macOS-Default-MDE`. Then select **Next**. 1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `backgroundServices-prod-macOS-Default-MDE`. -1. Choose a **Deployment channel**. - -1. Select **Next**. +1. Choose a **Deployment channel** and select **Next**. 1. Select a **Configuration profile file**. @@ -228,9 +217,7 @@ To configure notifications: 1. Select **Create**. -1. On the **Basics** tab, **Name** the profile. For example, `BackgroundServices-prod-macOS-Default-MDE`. - -1. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `BackgroundServices-prod-macOS-Default-MDE`. Then select **Next**. 1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Notif.mobileconfig`. 
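Review bot: in the notifications hunk the rewritten step still names the profile `BackgroundServices-prod-macOS-Default-MDE` while the custom configuration profile name on the next line is `Notif.mobileconfig`; this is a copy-paste from the Background services section and leaves an admin following both sections with two profiles of the same name. Use something like `Notifications-prod-macOS-Default-MDE`. Related nit in the background services context: the profile is `BackgroundServices-prod-macOS-Default-MDE` but the custom configuration profile name is `backgroundServices-prod-macOS-Default-MDE`, differing only in case.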
@@ -258,15 +245,11 @@ Download [accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/b 1. Select **Create**. -1. On the **Basics** tab, **Name** the profile. For example, `Accessibility-prod-macOS-Default-MDE`. - -1. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `Accessibility-prod-macOS-Default-MDE`. Then select **Next**. 1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Accessibility.mobileconfig`. -1. Choose a **Deployment channel**. - -1. Select **Next**. +1. Choose a **Deployment channel** and select **Next**. 1. Select a **Configuration profile file**. @@ -309,15 +292,11 @@ Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blo 1. Select **Create**. -1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`. - -1. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`. Then select **Next**. 1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`. -1. Choose a **Deployment channel**. - -1. Select **Next**. +1. Choose a **Deployment channel** and select **Next**. 1. Select a **Configuration profile file**. 
@@ -349,12 +328,10 @@ For more information about managing security settings, see: - [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration?pivots=mdssc-ga) - [Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/manage-security-settings-for-windows-macos-and-linux-natively-in/ba-p/3870617) + > [!NOTE] -> If managed via Intune, it will not allow for the device to register via the Microsoft Defender for Endpoint Security Settings Management ([Microsoft Defender XDR portal (https://security.microsoft.com)](Microsoft Defender XDR portal (https://security.microsoft.com) or)). +> If the device is managed via Intune, the device won't register via Defender for Endpoint Security Settings Management in the [Microsoft Defender portal](https://security.microsoft.com). Only the policies set via Intune take effect. -> [!IMPORTANT] -> Important -> Only the policies set via Intune will take effect, and the Microsoft Defender for Endpoint Security Settings Management will not be used. #### **Set policies using Microsoft Intune** You can manage the security settings for Microsoft Defender for Endpoint on macOS under **Setting Preferences** in Microsoft Intune. @@ -482,7 +459,7 @@ For more information, see [Add Microsoft Defender for Endpoint to macOS devices To download the onboarding packages from Microsoft 365 Defender portal: -1. In the Microsoft 365 Defender portal, go to **Settings** > **Endpoints** > **Device management** > **Onboarding**. +1. In the Microsoft 365 Defender portal, go to **System** > **Settings** > **Endpoints** > **Device management** > **Onboarding**. 2. Set the operating system to **macOS** and the deployment method to **Mobile Device Management / Microsoft Intune**. 
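Review bot: the rewritten NOTE refers to the "Microsoft Defender portal" while the onboarding hunk directly below keeps "Microsoft 365 Defender portal" in both its lead-in sentence and step 1; pick one name for the portal within the page. The NOTE itself is an improvement over the broken nested link it replaces, but it should say what the admin should do about it: that settings intended for these devices must be authored in Intune, since anything configured under Security Settings Management in the portal will silently not apply.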
@@ -524,15 +501,13 @@ To deploy the onboarding package: :::image type="content" source="../defender-endpoint/media/mdatp-6-systemconfigurationprofiles-1.png" alt-text="Screenshot that shows the deploy onboarding package." lightbox="../defender-endpoint/media/mdatp-6-systemconfigurationprofiles-1.png"::: -1. On the **Basics** tab, **Name** the profile. For example, `Autoupdate-prod-macOS-Default-MDE`. Select **Next**. +1. On the **Basics** tab, **Name** the profile. For example, `Onboarding-prod-macOS-Default-MDE`. Select **Next**. :::image type="content" source="../defender-endpoint/media/mdatp-6-systemconfigurationprofiles-2.png" alt-text="Screenshot that shows the Custom page." lightbox="../defender-endpoint/media/mdatp-6-systemconfigurationprofiles-2.png"::: -1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `Autoupdate.mobileconfig`. - -1. Choose a **Deployment channel**. +1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `WindowsDefenderATPOnboarding`. -1. Select **Next**. +1. Choose a **Deployment channel** and select **Next**. 1. Select a **Configuration profile file**. 
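Review bot: the new example custom configuration profile name `WindowsDefenderATPOnboarding` has no file extension, whereas every sibling section uses the actual file name (`Notif.mobileconfig`, `Accessibility.mobileconfig`, `Autoupdate.mobileconfig`); if this is meant to be the file taken from the downloaded onboarding package, give its full name, otherwise say it is only a display name. The rename of the profile example from `Autoupdate-...` to `Onboarding-prod-macOS-Default-MDE` is the right fix.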
@@ -576,15 +551,3 @@ For information on troubleshooting procedures, see: See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint on macOS from client devices. -## Recommended content - -|Article | Description | -|---|---| -| [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](/mem/intune/apps/apps-advanced-threat-protection-macos?source=recommendations) | Learn about adding Microsoft Defender for Endpoint to macOS devices using Microsoft Intune | -| [Examples of device control policies for Intune](mac-device-control-intune.md) | Learn how to use device control policies using examples that can be used with Intune | -| [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md) | Describes how to deploy Microsoft Defender for Endpoint on iOS features | -| [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md) | Describes how to deploy Microsoft Defender for Endpoint on iOS using an app | -| [Configure Microsoft Defender for Endpoint in Microsoft Intune](/mem/intune/protect/advanced-threat-protection-configure?source=recommendations) | Describes connecting to Defender for Endpoint, onboarding devices, assigning compliance for risk levels, and conditional access policies | -| [Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS](ios-troubleshoot.md) | Troubleshooting and FAQ - Microsoft Defender for Endpoint on iOS | -| [Configure Microsoft Defender for Endpoint on Android features](android-configure.md) | Describes how to configure Microsoft Defender for Endpoint on Android | -| [Manage Defender for Endpoint on Android devices in Intune - Azure](/mem/intune/protect/advanced-threat-protection-manage-android?source=recommendations) | Configure Microsoft Defender for Endpoint web protection on Android devices managed by Microsoft Intune | 
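Review bot: this hunk deletes the whole "Recommended content" table with no replacement; if the intent is to rely on auto-generated recommendations, say so in the PR, and check that no other page links to the `#recommended-content` anchor. At least two of the removed rows (device control policy examples for Intune, and configuring Defender for Endpoint in Intune) are directly relevant to this page and could be moved into the existing "For more information about managing security settings, see:" list rather than dropped.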
diff --git a/defender-endpoint/mde-linux-deployment-on-sap.md b/defender-endpoint/mde-linux-deployment-on-sap.md index 507be4f3bc..882c8fc210 100644 --- a/defender-endpoint/mde-linux-deployment-on-sap.md +++ b/defender-endpoint/mde-linux-deployment-on-sap.md @@ -24,7 +24,8 @@ ms.custom: **Applies to:** -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Servers +- Microsoft Defender XDR This article provides deployment guidance for Microsoft Defender for Endpoint on Linux for SAP. This article includes recommended SAP OSS (Online Services System) notes, the system requirements, prerequisites, important configuration settings, recommended antivirus exclusions, and guidance on scheduling antivirus scans. diff --git a/defender-endpoint/microsoft-defender-endpoint-linux.md b/defender-endpoint/microsoft-defender-endpoint-linux.md index e152f39eb1..3ac6de9857 100644 --- a/defender-endpoint/microsoft-defender-endpoint-linux.md +++ b/defender-endpoint/microsoft-defender-endpoint-linux.md @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 10/07/2024 +ms.date: 10/11/2024 --- # Microsoft Defender for Endpoint on Linux @@ -24,9 +24,8 @@ ms.date: 10/07/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) 
@@ -77,11 +76,11 @@ In general you need to take the following steps: ### System requirements - Disk space: 2 GB -> [!NOTE] -> An additional 2 GB disk space might be needed if cloud diagnostics are enabled for crash collections. Please make sure that you have free disk space in /var. + > [!NOTE] + > An additional 2 GB disk space might be needed if cloud diagnostics are enabled for crash collections. Please make sure that you have free disk space in /var. - Cores: 2 minimum, 4 preferred -> [!NOTE] -> If you are on Passive or RTP ON mode, 2 Cores are minimum and 4 Cores are preferred. If you are turning on BM, then a minimum of 4 Cores is required. + > [!NOTE] + > If you are on Passive or RTP ON mode, 2 Cores are minimum and 4 Cores are preferred. If you are turning on BM, then a minimum of 4 Cores is required. - Memory: 1 GB minimum, 4 preferred - List of supported Linux server distributions and x64 (AMD64/EM64T) and x86_64 versions: - Red Hat Enterprise Linux 6.7 or higher (In preview) diff --git a/defender-endpoint/mtd.md b/defender-endpoint/mtd.md index 59afcae8d1..3f83ea92b6 100644 --- a/defender-endpoint/mtd.md +++ b/defender-endpoint/mtd.md @@ -4,10 +4,10 @@ ms.reviewer: tdoucette, sunasing description: Overview of Mobile Threat Defense in Microsoft Defender for Endpoint ms.service: defender-endpoint ms.subservice: onboard -ms.author: deniseb -author: denisebmsft +ms.author: denishdonga +author: denishdonga27 ms.localizationpriority: medium -ms.date: 09/05/2024 +ms.date: 10/11/2024 manager: deniseb audience: ITPro ms.collection: 
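Review bot: the re-indented NOTE under "Cores" now reads "If you are on Passive or RTP ON mode ... If you are turning on BM, then a minimum of 4 Cores is required", using abbreviations the page never defines; spell out real-time protection and behavior monitoring on first use so the sizing requirement is unambiguous. In the disk-space NOTE, `/var` should be in code formatting, and "cloud diagnostics ... for crash collections" would be clearer as "crash-dump collection".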
@@ -62,21 +62,46 @@ The following table summarizes how to deploy Microsoft Defender for Endpoint on - [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md), and - [Overview of Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md) -**Android** +## Supported Android enrollment Scenarios -|Enrollment type |Details | -|--------------------|-------------| -|Android Enterprise with Intune |[Deploy on Android Enterprise enrolled devices](android-intune.md#deploy-on-android-enterprise-enrolled-devices)| -|Device Administrator with Intune |[Deploy on Device Administrator enrolled devices](android-intune.md#deploy-on-device-administrator-enrolled-devices)| -|Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM)|[Configure Defender risk signals in app protection policy (MAM)](android-configure-mam.md)| +|Scenarios|Company portal app required on the device?|Protection Profile/Prerequisites|How to deploy| +| -------- | -------- | -------- | -------- | +|Android Enterprise personally owned devices using a work profile|Yes| Protects only the work profile section. [Learn more about the work profile](/mem/intune/apps/android-deployment-scenarios-app-protection-work-profiles)|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices) | +|Android Enterprise personally owned devices using a personal profile|Yes| Protects the personal profile. When a customer has a scenario with work profile as well then it protects the entire device. 
Note the following: The company portal app must be enabled on personal profile and the Microsoft Defender must be already installed and active in work profile to enable Microsoft Defender in personal profile.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#set-up-microsoft-defender-in-personal-profile-on-android-enterprise-in-byod-mode)| +|Android Enterprise corporate owned work profile (COPE)|Yes|Protects only the work profile section. The Company Portal app and Microsoft Intune app both are automatically installed. | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices) | +|Android Enterprise corporate owned fully managed - no work profile (COBO)|Yes|Protects the entire device. The Company Portal app and Microsoft Intune app both are automatically installed.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices)| +|MAM|Yes, (need to just install, setup is not required) | Protects only enrolled apps. MAM supports with/without Device enrollment or enrolled with third party Enterprise Mobility Management.|[Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](android-configure-mam.md)| +|Device Administrator|Yes|Intune is ending support for android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-device-administrator-enrolled-devices)| -**iOS** -|Enrollment type |Details | -|--------------------|-------------| -|Supervised devices with Intune |1. [Deploy as iOS store app](ios-install.md)
2. [Setup Web Protection without VPN for supervised iOS devices](ios-install.md#complete-deployment-for-supervised-devices)| -|Unsupervised (BYOD) devices enrolled with Intune |[Deploy as iOS store app](ios-install.md)| -|Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM)|[Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)| +### Unsupported Android enrollment scenarios +These scenarios are not currently supported: +- **Android Enterprise corporate-owned Personal profile** +- **Android Enterprise corporate owned dedicated devices (COSU) (Kiosk/Shared)** +- **Android Open-Source Project (AOSP)** + +## Supported iOS enrollment Scenarios + +|Scenarios|Company portal app required on the device?|Protection Profile/Prerequisites|How to deploy| +| -------- | -------- | -------- | -------- | +|Supervised Devices (ADE and Apple Configurator Enrollment|Yes|Protects the entire device. For ADE, if users who use Just in Time (JIT) registration, the Company portal app is not required because app will enroll the device automatically by connecting to Intune server| [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#deployment-steps-applicable-for-both-supervised-and-unsupervised-devices) | +|Unsupervised Devices (Device Enrollment)|Yes|Protects the entire device. For web-based device enrollment, the company portal app is not required because after the managed app signs in, the app downloads configuration policies directly and not the company portal app)|[Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#deployment-steps-applicable-for-both-supervised-and-unsupervised-devices)| +|Unsupervised Devices (User Enrollment)|Yes|Protects work data only. 
The VPN has access to entire device, and the VPN can scan all app traffic|[Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#user-enrollment-setup-only-for-intune-user-enrolled-devices)| +|MAM|No|Protects only enrolled apps. The VPN has access to entire device and can scan all app traffic)|[Deploy Microsoft Defender for Endpoint on iOS with Mobile Application Management](ios-install-unmanaged.md)| + +### Unsupported iOS enrollment scenarios +iOS Dedicated/shared/kiosk device enrollment is not supported. + +### Android low touch onboarding supported scenarios + +1. Android Enterprise personally owned devices using a work profile +1. Android Enterprise corporate owned work profile (COPE) +1. Android Enterprise corporate owned fully managed - No work profile (COBO) + +### iOS zero touch onboarding supported scenarios + +1. Supervised Devices (ADE and Apple Configurator Enrollment) +1. Unsupervised Devices (Device Enrollment) ### End-user onboarding diff --git a/defender-endpoint/network-protection-linux.md b/defender-endpoint/network-protection-linux.md index f7b16434b4..4e69d64978 100644 --- a/defender-endpoint/network-protection-linux.md +++ b/defender-endpoint/network-protection-linux.md @@ -23,9 +23,8 @@ ms.date: 10/08/2024 **Applies to:** -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Servers +- Microsoft Defender XDR > [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. diff --git a/defender-vulnerability-management/fixed-reported-inaccuracies.md b/defender-vulnerability-management/fixed-reported-inaccuracies.md index 6964ed8323..4538fc3c2c 100644 
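Review bot: several of the new mtd.md table rows have broken text: "Supervised Devices (ADE and Apple Configurator Enrollment" lacks its closing parenthesis, "not the company portal app)" and "can scan all app traffic)" have unmatched ones, and "For ADE, if users who use Just in Time (JIT) registration, the Company portal app is not required because app will enroll the device" is not a sentence. The new headings "Supported Android enrollment Scenarios" and "Supported iOS enrollment Scenarios" mix case and are promoted to H2 even though the section continues with "### End-user onboarding" at H3. Security-relevant: the User Enrollment and MAM rows state that "The VPN has access to entire device, and the VPN can scan all app traffic" in the same cell that says "Protects work data only"; that is a privacy-sensitive claim about personally owned devices, so either cite the source or rephrase it to what Defender actually inspects. The Device Administrator row places the 31 December 2024 end-of-support notice in the "Protection Profile/Prerequisites" column, where it reads as a prerequisite; move it to a note above the table.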
--- a/defender-vulnerability-management/fixed-reported-inaccuracies.md +++ b/defender-vulnerability-management/fixed-reported-inaccuracies.md @@ -13,7 +13,7 @@ ms.collection: - tier2 ms.localizationpriority: medium ms.topic: troubleshooting -ms.date: 09/19/2024 +ms.date: 10/11/2024 --- # Vulnerability support in Microsoft Defender Vulnerability Management @@ -32,6 +32,12 @@ This article provides information on inaccuracies that have been reported. You c The following tables present the relevant vulnerability information organized by month: +## October 2024 + +| Inaccuracy report ID | Description | Fix date | +|---|---|---| +| - | Fixed inaccuracy in Microsoft LibDB & NSS vulnerabilities | 03-Oct-24 | + ## September 2024 | Inaccuracy report ID | Description | Fix date | @@ -60,6 +66,9 @@ The following tables present the relevant vulnerability information organized by | - | Added Microsoft Defender Vulnerability Management support to Kusto Explorer | 11-Sept-24 | | - | Fixed bad detections in Greenshot | 11-Sept-24 | | 71056 | Fixed inaccuracy in ExpressVPN | 11-Sept-24 | +| - | Fixed inaccuracy in VMware vulnerabilities - CVE-2024-37085 & CVE-2024-37086 | 23-Sep-24 | +| - | Fixed inaccuracy in Perl vulnerability - CVE-2022-48522 | 24-Sep-24 | +| - | Added detection logic to include a mitigation check (specifically, for IPv6 being disabled) for CVE-2024-38063 | 30-Sep-24 | ## August 2024
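Review bot: the new October row "Fixed inaccuracy in Microsoft LibDB & NSS vulnerabilities" looks wrong: libdb (Berkeley DB) and NSS are not Microsoft products, so check the vendor name before this ships. The three appended September rows use "23-Sep-24" style dates while the rows above them use "11-Sept-24"; pick one format for the table. For the CVE-2024-38063 row, say how the "IPv6 being disabled" mitigation is evaluated so admins can confirm the check matches how they disabled IPv6, rather than only stating that a mitigation check was added.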