Microsoft Defender is getting much better at protecting Linux endpoints
Microsoft Defender for Endpoint (MDE) has been improved for Linux users, who will now be able to isolate their devices from their network.
A Microsoft company blog post explained how the update is designed to prevent attackers from installing malware or otherwise gaining access to Linux systems, for data exfiltration and lateral movement for example.
It works in the same way as it would for Windows users, by disconnecting from the network but remaining connected to the MDE network.
Linux Defender for Endpoint
The company explained that, to use MDE for Linux, users should consider using a split-tunnelling VPN. This will allow it and its cloud-based protection to remain active, otherwise, an isolated device will only be able to access certain web destinations. It says:
“Devices that are behind a full VPN tunnel won’t be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated.”
The post also goes on to discuss the Linux distros that are compatible with the additional capabilities, including Ubuntu 16.04 LTS or higher, and Fedora 33 or higher. A full list of system requirements can be found on the company’s website.
There are two ways for users to isolate their device: the simplest way is to navigate to the Microsoft 365 Defender portal and select ‘Isolate Device’ on the device page. There’s also a set of API instructions for isolating a device and releasing a device from isolation.
Microsoft has continued to tweak its endpoint protection for Linux devices since it became available for Linux users in June 2020, following a five-month period of public preview. The company has not disclosed any information regarding the general availability of MDE isolation for Linux distros, but is keen to hear users’ experiences as it continues to develop the tool.
Need a hardware upgrade? These are the best business laptops around