Deploy Microsoft Defender for Endpoint on Linux with Ansible: A Step-by-Step Guide
Securing your Linux systems is critical in today's threat landscape. This guide simplifies the deployment and configuration of Microsoft Defender for Endpoint (MDE) on your Linux servers using Ansible. Learn how to quickly and efficiently protect your infrastructure against advanced threats with this powerful automation tool.
What is Microsoft Defender for Endpoint on Linux?
Microsoft Defender for Endpoint on Linux is a comprehensive endpoint security solution designed to prevent, detect, investigate, and respond to advanced threats targeting Linux environments. It provides a unified security platform, integrating seamlessly with your existing security infrastructure.
Prerequisites for Installation
Before you begin, ensure you have the following:
- A valid Microsoft Defender for Endpoint license.
- The `WindowsDefenderATPOnboardingPackage.zip` file, downloadable from the Microsoft Defender Security Center (instructions can be found there).
- A supported Linux distribution (see list below).
- Ansible installed and configured on your management workstation.
Supported Linux Distributions
This Ansible role supports the following distributions:
- AlmaLinux >= 8
- Amazon Linux 2023
- CentOS >= 8
- Debian >= 9
- Fedora >= 33
- Oracle Linux >= 8
- Red Hat Enterprise Linux >= 8
- Rocky Linux >= 8
- Ubuntu >= 20.04
Key Ansible Role Variables Explained
Customize your Microsoft Defender for Endpoint installation using these Ansible role variables:
- `mdatp_apt_package_version_hold` (Boolean): Prevent package upgrades with `apt-mark hold`. Default: `false`.
- `mdatp_connectivity_test` (Boolean): Test connectivity to Microsoft services. Default: `false`.
- `mdatp_health_test` (Boolean): Run a health test on the MDATP client. Default: `true`.
- `mdatp_managed_json_template` (String): Apply a `mdatp_managed.json` template (set to `"true"` to enable). Default: `"false"`.
- `mdatp_managed_json_location` (String): Path to the `mdatp_managed.json` template. Default: `"mdatp_managed.json.j2"`.
- `mdatp_microsoft_repo_channel` (String): Microsoft repository channel (`insiders-fast`, `insiders-slow`, or `prod`). Default: `"prod"`.
- `mdatp_microsoft_repo_install_disable` (Boolean): Disable the installation of the Microsoft repository. Default: `false`.
- `mdatp_onboarding_package_location` (String): Path to the `WindowsDefenderATPOnboardingPackage.zip` file. Default: `"WindowsDefenderATPOnboardingPackage.zip"`.
- `mdatp_proxy_url` (String): Proxy URL for MDATP communication. Default: `""`.
- `mdatp_state` (String): Desired state of MDATP (`present` or `absent`). Default: `"present"`.
- `mdatp_yum_package_version` (String): Lock the MDATP package to a specific version for DNF/YUM-based systems (e.g., `mdatp-101.24032.0007-1`).
Streamline Configuration with Managed JSON Templates
Leverage `mdatp_managed.json` files for advanced configuration options.
- Customize settings to align with your specific security policies.
- Enable template application by setting `mdatp_managed_json_template` to `"true"`.
- Specify the template location using `mdatp_managed_json_location`.
Enhance Security with Repository Management and Version Locking
- Control Repository Installation: Prevent automatic Microsoft repository install by setting `mdatp_microsoft_repo_install_disable` to `true`. This is especially useful if you have your own established repository management system.
- Lock Package Versions: Ensure consistent deployments by locking the MDATP package version:
  - APT: Use `mdatp_apt_package_version_hold` for Debian-based systems.
  - YUM/DNF: Use `mdatp_yum_package_version` for Red Hat-based systems.
Configure Proxy Settings for Seamless Communication
Ensure Microsoft Defender for Endpoint can communicate effectively with Microsoft services, even behind a proxy.
- Define the `mdatp_proxy_url` variable with the appropriate proxy address.
- This setting automatically configures the MDATP systemd service file with the provided proxy.
Example Ansible Playbook for MDE Deployment
Here's a basic Ansible playbook to deploy Microsoft Defender for Endpoint:
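The playbook below is an added example written for this guide, not the role's own documentation. It assumes a placeholder role name `your_org.mdatp` (substitute the name of the role you install), an inventory group `linux_servers`, a constructed proxy address, and an onboarding package stored under `files/`. The `post_tasks` go one step beyond the role's built-in tests by querying the `mdatp` CLI directly (`mdatp health --field healthy` and `--field org_id` are standard client fields, not something the page describes) so the play fails if the agent is unhealthy or was never onboarded.

```yaml
# Added example playbook; "your_org.mdatp" is a placeholder for the role this guide describes.
- name: Deploy Microsoft Defender for Endpoint on Linux
  hosts: linux_servers            # inventory group is an assumption
  become: true

  pre_tasks:
    - name: Refuse to run on distributions the role does not support
      ansible.builtin.assert:
        that:
          - ansible_facts['os_family'] in ['Debian', 'RedHat']
        fail_msg: "{{ inventory_hostname }} is not a Debian- or Red Hat-family host"

  roles:
    - role: your_org.mdatp        # placeholder role name
      vars:
        mdatp_state: "present"
        # Onboarding package downloaded from the Microsoft Defender Security Center
        mdatp_onboarding_package_location: "files/WindowsDefenderATPOnboardingPackage.zip"
        mdatp_microsoft_repo_channel: "prod"
        # Constructed proxy address; leave "" when hosts have direct egress
        mdatp_proxy_url: "http://proxy.example.internal:3128"
        # Pin the package on both package-manager families
        mdatp_apt_package_version_hold: true
        mdatp_yum_package_version: "mdatp-101.24032.0007-1"
        # Push a managed configuration rendered from the role's default template
        mdatp_managed_json_template: "true"
        mdatp_managed_json_location: "mdatp_managed.json.j2"
        # Let the role verify the client after installation
        mdatp_health_test: true
        mdatp_connectivity_test: true

  post_tasks:
    - name: Read agent health and onboarding status from the mdatp CLI
      ansible.builtin.command: "mdatp health --field {{ item }}"
      loop:
        - healthy
        - org_id
      register: mdatp_health
      changed_when: false

    - name: Fail the play if the agent is unhealthy or not onboarded
      ansible.builtin.assert:
        that:
          - mdatp_health.results[0].stdout | trim == 'true'
          - mdatp_health.results[1].stdout | trim | length > 0
        fail_msg: "Defender for Endpoint is not healthy or not onboarded on {{ inventory_hostname }}"
```

Run it with `ansible-playbook -i inventory deploy_mde.yml`. Keeping both package-manager pins in one set of vars is deliberate: the role applies whichever one matches the host's package manager, so a mixed Debian/Red Hat fleet can share a single playbook.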
Verify Health and Connectivity After Installation
This Ansible role includes options to test the MDATP client's health and connectivity to Microsoft services by setting `mdatp_health_test` and `mdatp_connectivity_test` to `true`. This allows you to confirm a successful installation and validate communication with the necessary endpoints.
Maximize Your Linux Security Posture Today
By using this Ansible role, you can dramatically simplify the deployment and configuration of Microsoft Defender for Endpoint on your Linux systems. Benefit from automated setup, centralized management, and consistent security policies across your entire infrastructure. Protect your Linux servers from evolving threats and maintain a robust security posture with ease.