Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Blog Update | Use the new eBPF-based sensor for Defender for Endpoint on Linux


We are extremely excited to announce the General Availability of a new kernel-based sensor- eBPF sensor (extended Berkeley Packet Filter) for Microsoft Defender for Endpoints on Linux. eBPF sensor is now the default event provider (replacing auditd) for MDE on Linux. It is already running successfully on ~46k Linux machines spread across ~1300 orgs in preview stage. eBPF sensor has significantly enhanced system stability and performance thus improving overall security landscape on Linux. Update to the Microsoft Defender for Endpoint version “101.23082.0006” or later to experience the most recent improvements using the new sensor now!!


Read the full update here: Defender for Endpoint on Linux now supports eBPF-based sensor (

0 Replies