News

Linux Server Monitoring Comes to Microsoft Defender for Endpoint

Microsoft this week announced the release of a new endpoint detection and response (EDR) capability specifically for Linux servers in the Microsoft Defender for Endpoint product.

The EDR capability for Linux servers was first previewed back in November. Microsoft Defender for Endpoint (which was rebranded from "Microsoft Defender for Advanced Threat Protection") is a tool for protecting endpoints (devices), with the ability to conduct post-breach investigations.

The EDR capability for Microsoft Defender for Endpoint for Linux servers shows up in the Microsoft Defender Security Center portal for those organizations with the proper licensing. It works with the following Linux server distros:

  • RHEL 7.2+
  • CentOS Linux 7.2+
  • Ubuntu 16 LTS, or higher LTS
  • SLES 12+
  • Debian 9+
  • Oracle Linux 7.2

Microsoft Defender for Endpoint also supports macOS, Windows and mobile operating systems.

IT pros can leverage the EDR feature of the product for anti-virus detections, optimizing the CPU performance of applications and conducting forensic investigations. The tool has an "advanced hunting" capability that provides forensics on data as far back as 30 days. Users also have access to endpoint information via the EDR feature's "machine timeline, process creation, file creation, network connections, [and] login events" display capabilities.

Current users of the Microsoft Defender for Endpoint preview for Linux servers will "seamlessly receive the new EDR capability as soon as you update the agent to version 101.18.53 or higher," the announcement indicated. To use it, organizations need to have "access to the Microsoft Defender Security Center portal, beginner-level experience in Linux and BASH scripting, and administrative privileges on the device," Microsoft indicated in its documentation.

Microsoft Cloud Solution Provider partners sell the licensing for Microsoft Defender for Endpoint under various E5/A5 plans, according to a document's "licensing requirements" description.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus