EDR capabilities in Microsoft Defender for Endpoint on Linux servers are now available

Microsoft recently announced that the endpoint detection and response (EDR) capabilities of Microsoft Defender for Endpoint on Linux servers are now available.

Microsoft Defender for Endpoint (Linux) features:

  • Contextual antivirus detections: with the newly enabled EDR support, antivirus detections are surfaced to security operations with richer context, giving insight into where a threat originated and how the malicious program or activity was created.
  • Rich detection methods: including a device timeline, process creation, file creation, network connection and login events, and advanced hunting for custom detections.
  • Performance optimization: improved CPU utilization during compilation workloads and large-scale software deployments.

Microsoft Defender for Endpoint on Linux servers was first revealed at the Ignite 2019 conference. A preview version was released in February 2020, supporting a variety of Linux distributions. Currently, six common Linux server distributions support the full set of Microsoft Defender for Endpoint (Linux) prevention, detection, and response capabilities:

  • RHEL 7.2+
  • CentOS Linux 7.2+
  • Ubuntu 16 LTS, or higher LTS
  • SLES 12+
  • Debian 9+
  • Oracle Linux 7.2