dgibbs64 / ansible-role-mdatp

mdatp

An Ansible role that installs and configures Microsoft Defender for Endpoint on Linux.

About

Microsoft Defender for Endpoint on Linux is a unified endpoint security platform that helps stop breaches. It is designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Requirements

Requires a Microsoft Defender for Endpoint license. You will also need to download WindowsDefenderATPOnboardingPackage.zip from the Microsoft Defender Security Center. Instructions found here.

Supported Distros

  • AlmaLinux >= 8
  • AmazonLinux 2023
  • CentOS >= 7
  • Debian >= 9
  • Fedora >= 33
  • OracleLinux >= 8
  • Red Hat Enterprise Linux >= 8
  • Rocky Linux >= 8
  • Ubuntu >= 20.04

Role Variables

# Enable apt-mark hold
mdatp_apt_package_version_hold: false
# Test connectivity to Microsoft
mdatp_connectivity_test: false
# Test health of MDATP
mdatp_health_test: true
# Apply mdatp_managed.json template
mdatp_managed_json_template: "false"
# MDATP managed JSON template location
mdatp_managed_json_location: "mdatp_managed.json.j2"
# Microsoft repository channel insiders-fast|insiders-slow|prod
mdatp_microsoft_repo_channel: "prod"
# Prevent the microsoft repository from being installed
mdatp_microsoft_repo_install_disable: false
# MDATP Onboarding Package file location
mdatp_onboarding_package_location: "WindowsDefenderATPOnboardingPackage.zip"
# MDATP Proxy URL
mdatp_proxy_url: ""
# MDATP state present|absent
mdatp_state: "present"
# MDATP YUM package version lock, e.g. mdatp-101.24032.0007-1
mdatp_yum_package_version:

MDATP Health Test

This role can run a health test on the MDATP client (mdatp_health_test) as well as a connectivity test to Microsoft (mdatp_connectivity_test).

Microsoft Repository

This role will install the Microsoft repository. If you use your own repository and wish to disable this, set mdatp_microsoft_repo_install_disable to true.

Version Lock

Version lock is available as mdatp_apt_package_version_hold for apt and mdatp_yum_package_version for dnf/yum. mdatp_apt_package_version_hold uses apt-mark hold, which prevents the package from being upgraded to a newer version. mdatp_yum_package_version locks the package to the specified version.

Managed JSON Configuration

If you are using an mdatp_managed.json file, you can use the mdatp_managed_json_template variable to apply the template. The default is false. To use the template, set this to true and set mdatp_managed_json_location to the location of the template. An example template is available within templates.

Proxy Configuration

mdatp_proxy_url can be used to set a proxy for MDATP. This proxy is added to the mdatp systemd service file.

Dependencies

community.general

Example Playbook

---
- name: mdatp
  hosts: all
  roles:
    - dgibbs64.mdatp
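
A fuller playbook that combines the version lock, proxy, managed JSON and test variables described above. This is an added example, not taken from the role's repository; the linux_servers group name and the proxy URL are assumptions, and the other values are the ones shown on this page.

```yaml
---
# Added example: pinned, proxied MDATP rollout with post-install checks.
- name: mdatp (pinned and verified)
  hosts: linux_servers                     # assumed inventory group name
  vars:
    mdatp_state: "present"
    # Stay on the production channel rather than insiders-fast/insiders-slow
    mdatp_microsoft_repo_channel: "prod"
    # Onboarding package downloaded from the Microsoft Defender Security Center
    mdatp_onboarding_package_location: "WindowsDefenderATPOnboardingPackage.zip"

    # Version lock: each host uses the variable matching its package manager.
    # dnf/yum hosts are locked to the named version (example value from this page).
    mdatp_yum_package_version: "mdatp-101.24032.0007-1"
    # apt hosts get apt-mark hold so the package is not upgraded.
    mdatp_apt_package_version_hold: true

    # Proxy written into the mdatp systemd service file.
    mdatp_proxy_url: "http://proxy.example.internal:3128"   # constructed placeholder

    # Apply the managed configuration template.
    # Quoted to match the type of the role default shown under Role Variables.
    mdatp_managed_json_template: "true"
    mdatp_managed_json_location: "mdatp_managed.json.j2"

    # Confirm the agent can reach Microsoft and reports healthy after install.
    mdatp_connectivity_test: true
    mdatp_health_test: true
  roles:
    - dgibbs64.mdatp
```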

License

MIT

Author Information
