Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Defender ATP for Linux is coming! ...And a sneak peek into what’s next
Published Feb 25 2020 08:00 AM 60.8K Views

Update: Microsoft Defender ATP for Linux is in public preview as of March 02, 2020.


The Microsoft Defender ATP team is thrilled to announce public preview of Microsoft Defender ATP for Linux and a sneak peek into our mobile threat defense capabilities for Android and iOS!


Ten months ago, when we first announced our plans for macOS, we made a promise of building security solutions not only for Microsoft, but from Microsoft. Many of our customers have time and again shared with us their difficulties in managing multiple security solutions to protect their unique range of platforms and products against multiple attack vectors. Their challenging reality of having to protect and manage heterogenous environments resonated with us. We heard feedback loud and clear that our customers are looking for complete cross-platform coverage from a single security vendor on an integrated platform.


Over the last year, we released preventive and EDR capabilities for macOS. Our macOS investments have been met with positive feedback from customers and a desire to learn more about our cross-platform roadmap. We’re extremely proud to share with you our Linux news and to give you a glimpse into where we’re going next.



Microsoft Defender ATP for Linux public preview!


Microsoft Defender ATP for Linux public preview is now open! In our initial release, we offer preventive capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats.




In the Microsoft Defender Security Center, basic machine and alert information is being surfaced.




Information in the Microsoft Defender Security Center includes:


Antivirus alert information:

  • Severity
  • Scan type
  • Device information (see below for details)
  • File information (name, path, size, and hash)
  • Threat information (name, type, and state)

Device information:

  • Machine identifier
  • Tenant identifier
  • App version
  • Hostname
  • OS type
  • OS version
  • Computer model
  • Processor architecture
  • Whether the device is a virtual machine


Microsoft Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool.


Based on customer input, we support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.


Just as with our journey on macOS, we will be lighting up Linux EDR capabilities in the coming months – stay tuned!



Getting started with Microsoft Defender ATP for Linux


Microsoft Defender ATP for Linux public preview is now open!

To learn more about our Linux capabilities and to get started with Microsoft Defender ATP for Linux public preview, visit our documentation:


If you have preview features turned on in the Microsoft Defender ATP Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender ATP Security Center today. With our continuous cross-platform investments, we strive to help our customers further streamline their approach to endpoint security.


We welcome your feedback and are looking forward to hearing it!

To send us feedback, click on the ‘send a smile/frown’ icon on the top right corner of the security center:





What’s next


As mentioned, we’re on a journey. We are committed to delivering security across a range of platforms beyond Windows. Today, more business is getting done on mobile devices as the lines blur between work and personal life. The threats here are unique. For example, one of the biggest and fastest growing threats on mobile is phishing attacks - where a majority of them happen outside of email, such as via phishing sites, messaging apps, games, and other applications. Other common mobile risks exist with Android, where users are more susceptible to risks from malicious apps. And finally, jailbroken and rooted devices introduce increased risk by allowing unnecessary escalated privileges and the installation of unauthorized applications.


In this rapidly evolving world of mobile threats, Microsoft is taking a holistic approach to tackling these challenges and to securing enterprises and their data.


At the RSA Conference, we will show you a sneak peek into our investments into mobile threat defense for Android and iOS. We’ll share our plans to protect our customers from common mobile risk vectors with the same management and single pane of glass experience they currently get with Microsoft Defender ATP for Windows and macOS. More details about our mobile capabilities will be released over the coming months in 2020 as we work to make this a reality.




If you’re not yet taking advantage of Microsoft’s industry leading security optics and detection capabilities for endpoints, sign up for a free trial of Microsoft Defender ATP today.



Microsoft Defender ATP team


1 Comment
Version history
Last update:
‎Sep 16 2020 06:32 PM
Updated by: