By Megha Priya

We are extremely excited to share that Offline Security Intelligence Update is now in Public Preview!

Organizations can now update security intelligence (also referred to as “signatures”) on Linux endpoints with limited or no exposure to the internet using a local hosting server. Exercise better control over the download and deployment of signatures on their Linux servers running critical workloads.

In addition, these are the benefits of the new offline security intelligence update capability:

• Control and manage the frequency of signature downloads on the local server and endpoints pulling signatures from the local server.
• Get peace of mind by being able to test the downloaded signatures on a test device before propagating it to the entire fleet.
• Reduce network bandwidth as now, on behalf of your entire fleet, only one local server will poll Microsoft Cloud to get the latest signatures.
• Run any of the 3 major platforms  (Windows, Mac, Linux) on the local server without needing to install Defender for Endpoint.
• Know you are getting the latest antivirus protection as signatures are always downloaded along with the latest compatible AV engine.
• Trust that there are backups in case. For every update, signature with n-1 version is moved to a backup folder on the local server. In case of any issue with the latest signature, you can pull the n-1 signature version from the backup folder to your endpoints. On the rare occasion offline update fails,  you can also choose to fallback to online update directly from Microsoft Cloud.

How it works

Figure 1: High-level process flow diagram showing signatures downloading to local server and then being propagated to the Linux Endpoints

Read the full post here: Offline Security Intelligence Update is now in Public Preview