Microsoft Defender for Endpoint in Linux Capabilities
I’ve spoken about Defender on Linux recently in the context of MDC, but I’ve also been hearing questions from customers about which capabilities are available in Defender for Endpoint for Linux, so I wanted to cover this topic.
What features are available to protect Linux?
A common customer question is: which MDE protection capabilities are available for Linux devices?
These are the available capabilities per platform, also explained by Microsoft’s own Product team in this video:
One omission you might have noticed concerns ASR (Attack Surface Reduction) rules specifically.
First, what are ASR rules? The documentation explains:
Attack surface reduction rules can constrain software-based risky behaviors.
ASR requirements are listed in this document.
And this is a list of some of the main rules enabled via ASR:
As you can see, most (not all) of them relate to the architecture of Microsoft Windows. Think of concepts such as:
- Drivers