An Ansible role that installs and configures Microsoft Defender for Endpoint on Linux.
Microsoft Defender for Endpoint on Linux is a unified endpoint security platform that helps stop breaches. It is designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Requires a Microsoft Defender for Endpoint License. You will also need to download WindowsDefenderATPOnboardingPackage.zip
from the Microsoft Defender Security Center. Instuctions found here.
- AlmaLinux >= 8
- AmazonLinux 2023
- CentOS >= 7
- Debian >= 9
- Fedora >= 33
- OracleLinux >= 8
- Redhat Enterprise Linux >= 8
- Rocky Linux >= 8
- Ubuntu >= 20.04
# Enable apt-mark hold
mdatp_apt_package_version_hold: false
# Test connectivity to Microsoft
mdatp_connectivity_test: false
# Test health of MDATP
mdatp_health_test: true
# Apply mdatp_managed.json template
mdatp_managed_json_template: "false"
# MDATP Onboarding Package file location
mdatp_managed_json_location: "mdatp_managed.json.j2"
# Microsoft repository channel insiders-fast|insiders-slow|prod
mdatp_microsoft_repo_channel: "prod"
# Prevent the microsoft repository from being installed
mdatp_microsoft_repo_install_disable: false
# MDATP Onboarding Package file location
mdatp_onboarding_package_location: "WindowsDefenderATPOnboardingPackage.zip"
# MDATP Proxy URL
mdatp_proxy_url: ""
# MDATP state present|absent
mdatp_state: "present"
# MDATP Proxy URL
mdatp_proxy_url: ""
# MDATP YUM package version lock mdatp-101.24032.0007-1
mdatp_yum_package_version:
This role can run a health test on the MDATP client as well as a connectivity test to Microsoft.
This role will install the Microsoft repository. If you wish to disable this as you use your own repository, set mdatp_microsoft_repo_install_disable
to true
.
Version lock is available as mdatp_apt_package_version_hold
for apt and mdatp_yum_package_version
for dnf/yum.
mdatp_apt_package_version_hold
uses apt-mark hold that will prevent the package from being upgraded to a newer version.
mdatp_yum_package_version
will lock the package to the specified version.
If you are using a mdatp_managed.json file, you can use the mdatp_managed_json_template
variable to apply the template. The default is false
. If you wish to use the template, set this to true
and set the mdatp_managed_json_location
to the location of the template. An example template is available within templates.
mdatp_proxy_url
can be used to set a proxy for MDATP. This proxy is added to mdatp systemd service file.
community.general
---
- name: mdatp
hosts: all
roles:
- dgibbs64.mdatp
MIT