Microsoft announced today that it has added device isolation support to Microsoft Defender for Endpoint on Linux devices. Enterprise admins can manually isolate Linux machines enrolled in a public preview using the Microsoft 365 Defender portal or via API requests.

This feature will help prevent threat actors from controlling the compromised device and performing malicious activities such as data theft and lateral movement. Microsoft Defender for Endpoint will disconnect the compromised device from the network while still monitoring it. Admins can reconnect the device to the network once the threat has been mitigated. This feature is supported on all MDE Linux-supported distros listed on the System requirements page.

Microsoft Defender for Endpoint is a command-line product with antimalware and EDR capabilities designed to send all threat info it detects to the Microsoft 365 Defender portal. Admins can deploy and configure it on Linux devices manually or with the help of the Puppet, Ansible, and Chef configuration management tools.

Microsoft Defender for Endpoint was made generally available for Linux and Android in June 2020 after entering public preview in February 2020, with support for several Linux server distributions. Microsoft also announced the addition of live response capabilities for Linux devices in Microsoft Defender for Endpoint and included support for identifying and assessing the security configurations of Linux devices on enterprise networks. The same year, MDE's endpoint detection and response capabilities were also made generally available on Linux servers following a public preview stage that started in November 2020.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 31 Jan 2023 14:34:02 +0000