Microsoft recently announced that the endpoint detection and response (EDR) capabilities of Microsoft Defender for Endpoint on Linux servers are now available.
Microsoft Defender for Endpoint for Linux features:
- Antivirus detections with context: with EDR support now enabled, security operations teams see detections with richer context, giving insight into where a threat came from and how a malicious program or activity was created.
- Rich detection data: including a device timeline, process creation, file creation, network connection and logon events, and advanced hunting for building custom detections.
- Performance optimization: improved CPU utilization during compilation and large-scale software deployments.
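As an added illustration of the "advanced hunting for custom detections" item (this query is not from the article or from Microsoft's documentation), the following advanced hunting query restricts the DeviceProcessEvents table to Linux devices via DeviceInfo and surfaces interactive shells launched by common web server processes, a typical starting point for a Linux custom detection. The table and column names are the published Advanced Hunting schema; the list of web server and shell process names is a constructed watch list that you would adapt to your own environment.

```kql
// Added example, not from the article: advanced hunting query for Linux devices.
// Step 1: build the set of devices that Defender reports as Linux
// (OSPlatform is a column of the DeviceInfo table).
let linuxDevices =
    DeviceInfo
    | where Timestamp > ago(7d)
    | where OSPlatform == "Linux"
    | distinct DeviceId;
// Step 2: find shells spawned by web server processes on those devices.
// The process names below are a constructed watch list (an assumption),
// not a list taken from the article.
DeviceProcessEvents
| where Timestamp > ago(7d)
| where DeviceId in (linuxDevices)
| where InitiatingProcessFileName in~ ("nginx", "apache2", "httpd", "php-fpm")
| where FileName in~ ("sh", "bash", "dash", "zsh")
// Timestamp, DeviceId and ReportId must be in the output for the query
// to be saved as a custom detection rule.
| project Timestamp, DeviceId, DeviceName, ReportId, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine
| order by Timestamp desc
```

Run it in the Advanced hunting page first to tune the watch lists against your own build and deployment tooling (which may legitimately spawn shells from these parents), then save it as a custom detection rule with the alert severity and response actions your operations team expects.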
Microsoft Defender for Endpoint on Linux servers was first revealed at the Ignite 2019 conference. A preview version was released in February 2020 with support for a variety of Linux distributions. Currently, six common Linux server distributions support the full set of Microsoft Defender for Endpoint for Linux prevention, detection, and response functions:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS or a later LTS release
- SLES 12+
- Debian 9+
- Oracle Linux 7.2