
Microsoft Defender is getting much better at protecting Linux endpoints

Users of the Linux operating system may now better protect their devices by using the new features of Microsoft Defender for Endpoint (MDE).

In a corporate blog post, Microsoft outlined how the patch would stop hackers from installing malware on Linux computers and obtaining access to sensitive data or moving laterally inside the network.

As on Windows, a device can be taken offline while still remaining connected to the MDE service.

Linux Endpoint Security Defender

Microsoft recommends using a split-tunneling VPN in conjunction with MDE for Linux. Without it, an offline device can reach only a limited subset of the web, which leaves both the device and the cloud-based security it provides useless. The blog post states:

After isolation, “devices behind a complete VPN tunnel will not be able to contact the Microsoft Defender for Endpoint cloud service.”

The article continues by listing the Linux distributions (starting with Ubuntu 16.04 LTS) and versions (starting with Fedora 33) that are compatible with the extended features. Microsoft's website provides a comprehensive list of hardware and software requirements.

A device can be isolated in two ways. The first is to go to the Microsoft 365 Defender site and click the “Isolate Device” button there. The second is to use the API, which covers both isolating a device and releasing it from isolation.

After a five-month public beta period, Microsoft made its endpoint security for Linux systems generally available in June 2020. The company has not said when MDE isolation for Linux distributions will become generally available, but it is interested in user feedback while it refines the software.