Server Management

Installing Microsoft Defender for Endpoint on Red Hat 7/8

Last modified 8/1/2022

This guide will walk you through installing Defender for Endpoint on Linux using Red Hat 7 or 8.

Before you Begin

Most of the steps outlined below can be found on Microsoft Docs here - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually

You will need an onboarding package file called "WindowsDefenderATPOnboardingPackage.zip". Please submit a ticket to "AT CCA" asking for a copy of this .zip.

Installing Defender for Endpoint

Prerequisites

Install yum-utils if it isn't installed yet: 

sudo yum install yum-utils

Add the following repos for yum to use:

RHEL 8

sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/8/prod.repo

RHEL 7

sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7.2/prod.repo

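Install the Microsoft GPG public key. Fetch it over HTTPS so the key that yum will trust for package signatures cannot be altered in transit:

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc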


Installation

Install Defender using yum:

sudo yum install mdatp

Copy over WindowsDefenderATPOnboardingPackage.zip and extract it:

unzip WindowsDefenderATPOnboardingPackage.zip

Run the following Python script:

RHEL 8

sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

RHEL 7

sudo python MicrosoftDefenderATPOnboardingLinuxServer.py


Verify Installation

Verify that the device is now reporting an organization identifier:

mdatp health --field org_id

Check the health status of the product by running the following command. A return value of 1 denotes that the product is functioning as expected:

mdatp health --field healthy
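
The two checks above can be combined into one script for use after each install. This is an added example, not part of the Microsoft procedure: the function names and exit codes are choices made here, and accepting "true" as well as 1 for the healthy field is an assumption about how newer mdatp builds print it.

```sh
#!/bin/sh
# Added example: post-install check built on the two `mdatp health` queries above.

# Print one health field with surrounding quotes and whitespace stripped.
mdatp_field() {
    mf_raw="$(mdatp health --field "$1" 2>/dev/null)" || return 1
    printf '%s' "$mf_raw" | tr -d '"[:space:]'
}

# Exit codes (chosen for this example): 0 healthy, 1 not onboarded,
# 2 onboarded but unhealthy, 3 mdatp missing or not answering.
verify_mdatp() {
    if ! command -v mdatp >/dev/null 2>&1; then
        echo "FAIL: mdatp not found; was 'yum install mdatp' run?" >&2
        return 3
    fi
    vm_org="$(mdatp_field org_id)" || {
        echo "FAIL: 'mdatp health' did not answer" >&2
        return 3
    }
    if [ -z "$vm_org" ]; then
        echo "FAIL: empty org_id; the onboarding script has not taken effect" >&2
        return 1
    fi
    vm_healthy="$(mdatp_field healthy)" || {
        echo "FAIL: could not read the healthy field" >&2
        return 3
    }
    case "$vm_healthy" in
        1|true)   # the guide states 1; "true" is an assumed newer form
            echo "OK: org_id=$vm_org healthy=$vm_healthy"
            return 0 ;;
        *)
            echo "FAIL: org_id=$vm_org but healthy=$vm_healthy" >&2
            return 2 ;;
    esac
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    verify_mdatp
    exit $?
fi
```

Run it with the --run argument; a non-zero exit code tells a provisioning job which step to revisit.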