Set up Microsoft Defender for Endpoint
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide
- https://github.com/juju4/mde-baseline-ansible
- https://github.com/juju4/mde-baseline (inspec)
It was tested on the following versions:
- 2.13
Tested on Ubuntu 20.04, 22.04.
Just include this role in your list. For example:
- hosts: myhost
  roles:
    - juju4.mde
You will probably want to review the role's variables.
TBD
$ pip install molecule docker
$ molecule test
$ MOLECULE_DISTRO=ubuntu:20.04 molecule test --destroy=never
- MDE can cause performance issues. Most often this is related to auditd, and an appropriate process exclusion will help.
BSD 2-clause