Microsoft Defender is getting much better at protecting Linux endpoints


Microsoft Defender for Endpoint (MDE) has been enhanced for Linux users, who can now isolate their devices from their network.

A Microsoft company blog post explained that the update is designed to prevent attackers from installing malware or otherwise using a compromised Linux system, for example for data exfiltration and lateral movement.

It works the same way it does for Windows users: the device is disconnected from the network while its connection to the MDE cloud service is kept open.

Linux Defender for Endpoint

The company explained that users of MDE for Linux who route traffic through a VPN should consider a split-tunneling VPN. This lets MDE and its cloud-based protection remain active after isolation, since an isolated device can otherwise only reach a limited set of web destinations. It says:

“Devices that are behind a full VPN tunnel will not be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated.”

The post also goes on to list the Linux distributions compatible with the new capability, including Ubuntu 16.04 LTS or later and Fedora 33 or later. A full list of system requirements can be found on the company’s website.

There are two ways for users to isolate a device: the easiest is to navigate to the Microsoft 365 Defender portal and select “Isolate device” from the device page. There is also an API for isolating a device and for releasing a device from isolation.
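As an added example that is not from the article or from Microsoft, the helper below builds the isolate and release calls and interprets the resulting machine action, following the request shape in Microsoft's public Defender for Endpoint API documentation; the bearer token and device ID are placeholders, and the API base URL and field names are taken from that documentation rather than from this page.

```python
import urllib.request
import json

# Base URL of the Defender for Endpoint API (from Microsoft's public API documentation).
API_BASE = "https://api.securitycenter.microsoft.com/api"
# Documented isolation types. "Full" keeps only the MDE cloud reachable (hence the
# split-tunnel VPN advice); "Selective" additionally leaves Outlook/Teams/Skype open on
# Windows. Check the Linux requirements page before relying on "Selective" there.
ISOLATION_TYPES = ("Full", "Selective")
# Terminal states of a machine action as documented; anything else is still running.
TERMINAL_OK = ("Succeeded",)
TERMINAL_FAILED = ("Failed", "TimeOut", "Cancelled")


def _request(path, body, token):
    """Build a POST Request for a machine action; nothing is sent here."""
    return urllib.request.Request(
        f"{API_BASE}{path}",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )


def build_isolate_request(machine_id, comment, isolation_type="Full", token="<token-placeholder>"):
    """Isolate a device. The comment is mandatory: it lands in the audit trail."""
    if isolation_type not in ISOLATION_TYPES:
        raise ValueError(f"isolation_type must be one of {ISOLATION_TYPES}")
    if not comment.strip():
        raise ValueError("a non-empty Comment is required")
    body = {"Comment": comment, "IsolationType": isolation_type}
    return _request(f"/machines/{machine_id}/isolate", body, token)


def build_release_request(machine_id, comment, token="<token-placeholder>"):
    """Release a device from isolation (the documented 'unisolate' action)."""
    if not comment.strip():
        raise ValueError("a non-empty Comment is required")
    return _request(f"/machines/{machine_id}/unisolate", {"Comment": comment}, token)


def action_finished(machine_action):
    """Interpret a machine-action record (e.g. from GET /machineactions/{id}).

    Returns True once the action succeeded, False while it is still pending,
    and raises if it ended in a failure state so a polling loop stops early.
    """
    status = machine_action.get("status")
    if status in TERMINAL_OK:
        return True
    if status in TERMINAL_FAILED:
        raise RuntimeError(f"machine action ended with status {status}")
    return False
```

The responses of `isolate` and `unisolate` are machine-action records, so the same `action_finished` check applies to both.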

Microsoft has continued to tweak endpoint security for Linux devices since it became available to Linux users in June 2020, following a five-month public preview period. The company has not released information about the general availability of MDE isolation for Linux distributions, but is interested in hearing user experiences as it continues to develop the tool.
