Deploy Microsoft Defender for Endpoint for Linux.
If an error occurs during installation, the installer will only report a general failure. The detailed log will be saved to /var/log/microsoft/mdatp/install.log.
- curl
- unzip
- apt-transport-https (debian)
- gnupg (debian)
- python-apt (debian)
The onboarding_source variable can be replaced with a URL. It expects the zip file downloaded from the Microsoft Defender Security Center device management onboarding website. This role expects you to host that file internally on an artifact server like Nexus or as an unauthenticated LFS git object. If you keep the default onboarding_source value, the role will deposit an empty JSON configuration file.
channel: prod
onboarding_source: "{{ role_path }}/files/WindowsDefenderATPOnboardingPackage.zip"
uninstall: false
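Because the default onboarding_source deposits an empty JSON configuration, a pre-flight check on the zip you publish to the artifact server catches a placeholder package before rollout. This is an added example, not part of the role; the function names, the assumption that the configuration is a .json member of the zip, and the sample file contents are constructed for illustration.

```python
import io
import json
import sys
import zipfile


def check_onboarding_package(data):
    """Return a list of problems found in an onboarding zip; empty means usable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    problems = []
    with archive:
        # Assumption: the onboarding configuration is a .json member of the zip.
        members = [n for n in archive.namelist() if n.lower().endswith(".json")]
        if not members:
            return ["no .json onboarding configuration in archive"]
        for name in members:
            raw = archive.read(name).strip()
            if not raw:
                problems.append(f"{name}: empty file")
                continue
            try:
                doc = json.loads(raw)
            except ValueError:  # covers invalid JSON and undecodable bytes
                problems.append(f"{name}: not valid JSON")
                continue
            if not isinstance(doc, dict) or not doc:
                problems.append(f"{name}: JSON has no onboarding fields")
    return problems


def make_zip(files):
    """Build an in-memory zip from {name: text} (used for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a placeholder package and one with made-up content.
PLACEHOLDER = make_zip({"mdatp_onboard.json": "{}"})
POPULATED = make_zip({"mdatp_onboard.json": json.dumps({"sample_field": "constructed"})})

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        issues = check_onboarding_package(fh.read())
    print("\n".join(issues) or "onboarding package looks populated")
    sys.exit(1 if issues else 0)
```

Run it against the downloaded zip before uploading it; a non-zero exit status means the package would not onboard a device.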
From the Microsoft documentation:
Defender for Endpoint for Linux can be deployed from one of the following channels (denoted below as [channel]): insiders-fast, insiders-slow, or prod. Each of these channels corresponds to a Linux software repository.
The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in insiders-fast are the first ones to receive updates and new features, followed later by insiders-slow and lastly by prod.
This example presumes you have a Sonatype Nexus server where you uploaded the onboarding package to a raw repository named infosec-hosted.
---
- name: Install Microsoft Defender Endpoint for Linux.
  hosts: all:!platform_windows
  vars:
    onboarding_source: https://nexus.example.com/repository/infosec-hosted/mde/WindowsDefenderATPOnboardingPackage_Linux_Mgmt_Tool.zip
  roles:
    - deekayen.mde
- debian
- redhat
- repo
- package
- dependencies
- onboarding
BSD