Defender for Endpoint Extends Support to ARM-Based Linux Servers


Microsoft has announced the General Availability (GA) of ARM-based Linux server support for Defender for Endpoint (MDE). This expansion covers multiple Linux distributions, including:
– Ubuntu
– Amazon Linux
– RHEL
– Oracle Linux
– SUSE Linux
– Debian

The move enhances security for ARM architecture environments, with plans to add more distributions soon.

🔗 Reference: Defender for Endpoint on ARM Linux | Microsoft Community Hub

You Should Know:

1. Installing Defender for Endpoint on ARM Linux

To deploy Microsoft Defender for Endpoint on an ARM-based Linux server, follow these steps:

Step 1: Register the Microsoft GPG Key

curl -o microsoft.asc https://packages.microsoft.com/keys/microsoft.asc
sudo rpm --import microsoft.asc   # RPM-based distros (RHEL/Oracle/Amazon/SUSE); on Ubuntu/Debian the key is imported into apt's keyring in Step 2

Step 2: Add the Microsoft Repository

For RHEL/Oracle Linux:

sudo tee /etc/yum.repos.d/microsoft-defender.repo <<EOF
[packages-microsoft-com-defender]
name=Microsoft Defender for Endpoint
baseurl=https://packages.microsoft.com/yumrepos/microsoft-defender/
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF

For Ubuntu/Debian:

sudo apt install -y curl gnupg libplist-utils
# Import the Microsoft signing key into the keyring that Microsoft's list files reference via signed-by; without it apt cannot verify the repository.
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg
# On Debian use config/debian/<version>/prod.list; lsb_release -rs only yields the right path on Ubuntu.
curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list
sudo mv microsoft.list /etc/apt/sources.list.d/microsoft-defender.list
sudo apt update

Step 3: Install Defender

sudo yum install mdatp   # RHEL/Oracle/Amazon
sudo apt install mdatp   # Ubuntu/Debian

Step 4: Configure & Activate

# Onboarding is done with the Python package downloaded from the Defender portal; mdatp has no --register flag.
sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py
# Device tags are set through the edr tag subcommand.
sudo mdatp edr tag set --name GROUP --value <YOUR_TAG>
sudo systemctl enable --now mdatp
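The four steps above as one unattended script. This is an added example, not code from the original post or from Microsoft: it detects the package family from /etc/os-release, imports the signing key, registers the repository, installs mdatp, onboards, tags and checks health. It goes slightly beyond the page by handling RPM and apt hosts in one script and by writing the apt source line itself (assumed layout https://packages.microsoft.com/<id>/<version>/prod <codename> main) so the repository is pinned to the imported key with signed-by and restricted to the host architecture. MDE_ONBOARD_SCRIPT (path to the onboarding package downloaded from the Defender portal) and MDE_TAG (optional device tag) are assumed environment variables; the RPM repo definition is the one from Step 2.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or Microsoft): unattended
# Defender for Endpoint install for an ARM64 Linux server, covering Steps 1-4.
# Assumptions: MDE_ONBOARD_SCRIPT is the onboarding package downloaded from the
# Defender portal, MDE_TAG is an optional device tag, and the script runs as
# root. Invoke with "install" as the first argument; without it only the helper
# functions are defined.
set -eu

KEY_URL="https://packages.microsoft.com/keys/microsoft.asc"
APT_KEYRING="/usr/share/keyrings/microsoft-prod.gpg"

# Map the ID field of /etc/os-release to a package family (rpm, apt, unknown).
pkg_family() {
  case "$1" in
    rhel|ol|amzn|sles|centos|rocky|almalinux) echo rpm ;;
    ubuntu|debian) echo apt ;;
    *) echo unknown ;;
  esac
}

# Read one field from an os-release file ($1 = field, $2 = file path). The
# path is a parameter so the function can be exercised on a constructed file.
os_release_field() {
  sed -n "s/^$1=//p" "$2" | tr -d '"'
}

# Repository definition from Step 2 for RPM-based distros (gpgcheck stays on).
yum_repo_def() {
  cat <<'EOF'
[packages-microsoft-com-defender]
name=Microsoft Defender for Endpoint
baseurl=https://packages.microsoft.com/yumrepos/microsoft-defender/
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF
}

# apt source line for $1 = ID, $2 = VERSION_ID, $3 = codename, $4 = arch.
# Written explicitly (rather than downloading prod.list) so the repository is
# bound to the imported key via signed-by and limited to one architecture.
apt_source_line() {
  echo "deb [arch=$4 signed-by=$APT_KEYRING] https://packages.microsoft.com/$1/$2/prod $3 main"
}

install_mde() {
  id=$(os_release_field ID /etc/os-release)
  ver=$(os_release_field VERSION_ID /etc/os-release)
  case "$(pkg_family "$id")" in
    rpm)
      curl -fsSL -o /tmp/microsoft.asc "$KEY_URL"
      rpm --import /tmp/microsoft.asc
      yum_repo_def > /etc/yum.repos.d/microsoft-defender.repo
      yum install -y mdatp
      ;;
    apt)
      codename=$(os_release_field VERSION_CODENAME /etc/os-release)
      apt-get install -y curl gnupg libplist-utils
      curl -fsSL "$KEY_URL" | gpg --batch --yes --dearmor -o "$APT_KEYRING"
      apt_source_line "$id" "$ver" "$codename" "$(dpkg --print-architecture)" \
        > /etc/apt/sources.list.d/microsoft-prod.list
      apt-get update
      apt-get install -y mdatp
      ;;
    *)
      echo "unsupported distribution: $id" >&2
      return 1
      ;;
  esac

  # Onboard with the portal-issued script, tag the device, then refuse to
  # report success until the agent itself says it is healthy.
  python3 "$MDE_ONBOARD_SCRIPT"
  if [ -n "${MDE_TAG:-}" ]; then
    mdatp edr tag set --name GROUP --value "$MDE_TAG"
  fi
  systemctl enable --now mdatp
  [ "$(mdatp health --field healthy)" = "true" ]
}

case "${1:-}" in
  install) install_mde ;;
esac
```

Usage: `sudo MDE_ONBOARD_SCRIPT=/root/MicrosoftDefenderATPOnboardingLinuxServer.py MDE_TAG=arm-prod ./install-mde.sh install`. The final health check makes the script's exit status meaningful to whatever configuration-management tool runs it.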

2. Verify Installation

Check Defender status:

mdatp health                  # full status report (the older `mdatp --health` form is the legacy syntax)
mdatp health --field healthy  # prints just true/false, convenient for scripts

Expected output:

healthy: true 
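A single `healthy: true` line is easy to eyeball on one box but not on a fleet. The following added example (not from the original post or Microsoft) turns the `key : value` layout that `mdatp health` prints into a pass/fail check that also confirms licensing, real-time protection and definition freshness, so a monitoring job can alert on a silently degraded agent. The sample output embedded in the script is constructed; its version strings and org_id are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or Microsoft): evaluate `mdatp health`
# output as a pass/fail check for fleet verification. SAMPLE_HEALTH below is
# constructed; version strings and org_id are placeholders, not real values.
set -eu

SAMPLE_HEALTH='healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "0.0.0.0"
app_version                                 : "0.0.0.0"
org_id                                      : "00000000-0000-0000-0000-000000000000"
definitions_version                         : "0.0.0.0"
definitions_status                          : "up_to_date"
real_time_protection_enabled                : true
conflicting_applications                    : []'

# Print the value of one "key : value" field read from stdin, with the
# surrounding quotes removed. $1 = field name. Prints nothing if absent.
health_field() {
  awk -v f="$1" -F' *: *' '$1 == f { v = $2; gsub(/^"|"$/, "", v); print v; exit }'
}

# Verify the fields that decide whether the host is actually protected.
# $1 = health text. Returns 0 when every expectation holds and writes one
# FAIL line per mismatch to stderr otherwise.
check_health() {
  text=$1
  rc=0
  for spec in healthy=true licensed=true \
              real_time_protection_enabled=true definitions_status=up_to_date; do
    key=${spec%%=*}
    want=${spec#*=}
    got=$(printf '%s\n' "$text" | health_field "$key")
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: got '${got:-<missing>}', want '$want'" >&2
      rc=1
    fi
  done
  return "$rc"
}

case "${1:-}" in
  sample) check_health "$SAMPLE_HEALTH" && echo "sample: healthy" ;;
  live)   check_health "$(mdatp health)" && echo "$(hostname): healthy" ;;
esac
```

Run `./mde-check.sh sample` to exercise it offline and `sudo ./mde-check.sh live` on a real host; a non-zero exit with the FAIL lines is what you want surfaced from a cron or Ansible run. `mdatp connectivity test` is the natural companion check for hosts that install cleanly but cannot reach the cloud service.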

3. Running a Manual Scan

sudo mdatp scan custom --path /home   # current CLI syntax; `mdatp scan quick` and `mdatp scan full` are the other scan types

4. Updating Defender

sudo yum update mdatp    # RHEL-based
sudo apt upgrade mdatp   # Debian-based

5. Logging & Troubleshooting

View logs:

journalctl -u mdatp -f
# The agent's own log files live under /var/log/microsoft/mdatp/; `sudo mdatp diagnostic create` bundles them for support cases.

What Undercode Say:

Microsoft’s expansion of Defender for Endpoint to ARM Linux is a major step in securing hybrid cloud environments. Key takeaways:
– ARM servers are increasingly used in cloud and edge computing.
– Defender now integrates with major Linux distributions.
– Automation via CLI ensures scalable deployments.

Additional Linux Security Commands:

  • Check running processes: `ps aux | grep -E 'wdavdaemon|mdatp'` (the agent processes are named wdavdaemon)
  • Network connections: `ss -tulnp | grep wdavdaemon`
  • Kernel logs: `dmesg | grep -i security`
  • File integrity checks: `sudo rpm -V mdatp` (RPM-based) or `sudo dpkg --verify mdatp` (Debian-based)

Windows Defender Equivalent (For Comparison):

Get-MpComputerStatus
Start-MpScan -ScanType Full
Update-MpSignature

Expected `mdatp health` output on Linux (abbreviated; version numbers vary by release):

healthy: true
definitions_version: 1.XXX.XXX
product_version: 101.XX.XX

🔗 Learn More: Microsoft Defender for Endpoint Docs

References:

Reported By: Yujiao Msft – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
