Microsoft Defender is getting better at protecting Linux endpoints

Microsoft Defender for Endpoint (MDE) has been improved for Linux users, who will now be able to isolate their machines from their network.

Microsoft Corporation blog or note The post explained how the update is designed to prevent attackers from installing malware or otherwise gaining access to Linux systems, for data mining and lateral movement for example.

It works the same way it does for Windows users, by disconnecting from the network but staying connected to the MDE network.

Linux Endpoint Defender

The company has made it clear that to use MDE for Linux, users should consider using a split-tunneling VPN. This would allow it and its cloud-based protection to remain active, otherwise the quarantined machine would only be able to access certain web destinations. she says:

Devices behind a full VPN tunnel will no longer be able to access the Microsoft Defender for Endpoint cloud service after the device is isolated.

The post also continues to discuss Linux distributions Support for additional capabilities, including Ubuntu 16.04 LTS or higher, and Fedora 33 or higher. A complete list of system requirements can be found on the company’s website website.

There are two ways for users to quarantine their devices: The simplest way is to go to the Microsoft 365 Defender portal and select Device Quarantine on the Device page. There is also a set of API guidelines for Device isolation And Release the device from isolation.

Microsoft has continued to tweak Endpoint Protection for Linux devices since it became available to Linux users in June 2020, after a five-month public preview period. The company hasn’t disclosed any information regarding the general availability of MDE isolation for Linux distributions, but it’s eager to hear about users’ experiences as it continues to develop the tool.

• Do you need a hardware upgrade? These are the best business laptops out there