University Systems help centre

Install Microsoft Defender for Endpoint (MSDE): Linux

These instructions are provided for self-managed Linux workstations; Linux servers require a 'MSDE for Servers' license to be purchased prior to onboarding.

Prerequisites:

This process will require root access to complete.

Before installing, ensure your Linux distribution is one of those Microsoft lists as a prerequisite. Forked distributions may work, but Microsoft does not support them should there be any issues: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux

If you have any other antivirus product installed on your computer, it will need to be removed before you can install Microsoft Defender for Endpoint.

Install:

1. Download the onboarding package: MSDE python install script 

2. Follow Microsoft's deployment instructions for your Linux distribution. In general, there are prerequisite packages to install, an MDATP agent to download and install, and the onboarding Python script to run. For supported distributions, Microsoft's automated bash install script makes this process simpler.

3. The Microsoft documentation also includes configuration commands and configuration profile information should you want to further configure settings such as scan settings or check connectivity.

For full protection, MSDE on Linux workstations should be configured as default with real-time scanning enabled, cloud-delivered protection enabled, automatic updates, and potentially unwanted applications blocked.
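
One way to check a configuration profile against the four settings above, as an added example that is not part of the original instructions or Microsoft's tooling. The key names are assumed from Microsoft's published Linux preferences schema, mapping "automatic updates" to automaticDefinitionUpdateEnabled is an assumption, and both sample profiles are constructed.

```python
import json

# Constructed sample profiles (not from this page). Key names are assumed from
# Microsoft's published Linux preferences schema; check them against the docs.
WEAK_PROFILE = """{
  "antivirusEngine": {
    "enforcementLevel": "passive",
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "audit"}
    ]
  },
  "cloudService": {"enabled": true, "automaticDefinitionUpdateEnabled": false}
}"""

HARDENED_PROFILE = """{
  "antivirusEngine": {
    "enforcementLevel": "real_time",
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "block"}
    ]
  },
  "cloudService": {"enabled": true, "automaticDefinitionUpdateEnabled": true}
}"""


def audit_profile(text):
    """Return findings for a profile; an empty list means all four settings are pinned."""
    cfg = json.loads(text)
    av = cfg.get("antivirusEngine", {})
    cloud = cfg.get("cloudService", {})
    # Flatten the per-threat-type list into {type: action}.
    actions = {t.get("key"): t.get("value") for t in av.get("threatTypeSettings", [])}
    findings = []
    # A missing key is reported too: the profile then does not pin that setting.
    if av.get("enforcementLevel") != "real_time":
        findings.append("real-time scanning is not enforced")
    if cloud.get("enabled") is not True:
        findings.append("cloud-delivered protection is not enabled")
    if cloud.get("automaticDefinitionUpdateEnabled") is not True:
        findings.append("automatic definition updates are not enabled")
    if actions.get("potentially_unwanted_application") != "block":
        findings.append("potentially unwanted applications are not blocked")
    return findings


if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_profile(profile) or "OK")
```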

Notes:

If upgrading your Linux workstation to a new major OS version, MSDE needs to be removed before updating, and reinstalled after the update.

MSDE (Microsoft Defender for Endpoint) is the same product as Microsoft Defender ATP (MDATP).