Quick Note: MDE stands for Microsoft Defender for Endpoint, and that abbreviation is used throughout this page. It is also referred to as Microsoft Defender Advanced Threat Protection (MDATP).
What is Microsoft Defender for Endpoint (MDE)?
MDE is a Microsoft Azure cloud security solution that protects Windows and Linux machines from various cyber threats. Its capabilities include:
- Advanced threat detection: MDE collects data from devices and employs analytics to identify suspicious activity that might indicate potential breaches.
- Vulnerability assessment: MDE integrates with other security tools to find and address vulnerabilities in your systems.
- Threat intelligence: MDE leverages threat intelligence from Microsoft and partners to keep you updated on the latest threats and enable you to respond effectively.
How to check the current status of MDE on a Linux machine?
service mdatp status
Running this command shows whether the mdatp service is running on the machine.
How to start the MDE service on a Linux machine?
sudo service mdatp start
How to restart the MDE service on a Linux machine?
sudo service mdatp restart
How to test the connectivity of MDE on a Linux machine?
mdatp connectivity test
How to verify if a Linux machine protected by MDE is associated with your organization's identifier?
mdatp health --field org_id
How to check the health of MDE on a Linux machine?
mdatp health --field healthy
How to verify real-time protection is enabled for MDE on a Linux machine?
mdatp health --field real_time_protection_enabled
To enable real-time protection for MDE on this machine (if it's currently disabled), use the following command:
mdatp config real-time-protection --value enabled
To disable real-time protection for MDE on this machine, run the following command (WARNING: this will leave the machine vulnerable):
mdatp config real-time-protection --value disabled
How to troubleshoot MDE Agent health issues?
Run the following command to list the health fields you can query when investigating issues with the agent:
mdatp health --help
For a more in-depth analysis of MDE's health, run the mdatp health --details command, which reports the health of the individual MDE features.
mdatp health --details
How to Troubleshoot events or alerts issues for MDE on Linux?
sudo service auditd status
MDE leverages the system's audit framework to track network and login activity. If the audit service (auditd) is stopped, you can start it using the following command:
sudo service auditd start
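Putting the checks above together, here is an added example (not from this page or from Microsoft) of a small POSIX shell script that queries the same mdatp health fields, checks auditd, and reports each result. It assumes that MDATP_CMD and SERVICE_CMD may be overridden with stubs, so the logic can be exercised on a machine without MDE installed.

```shell
#!/bin/sh
# Added example, not from the page or from Microsoft: runs the mdatp health checks
# described above and reports pass/fail for each. Assumed: MDATP_CMD and SERVICE_CMD
# can be overridden (e.g. with stub functions) on a machine without MDE installed.

MDATP_CMD="${MDATP_CMD:-mdatp}"
SERVICE_CMD="${SERVICE_CMD:-service}"

# Print one field of 'mdatp health'; non-zero if the CLI is missing or the field is unknown.
mde_field() {
    "$MDATP_CMD" health --field "$1" 2>/dev/null
}

# mdatp prints booleans as true/false and strings wrapped in quotes; strip quotes,
# whitespace and case so values compare reliably.
mde_normalize() {
    printf '%s' "$1" | tr -d '"[:space:]' | tr 'A-Z' 'a-z'
}

# Succeed only when the named field reads true.
mde_field_true() {
    [ "$(mde_normalize "$(mde_field "$1")")" = "true" ]
}

# MDE relies on auditd for network and login events, so its state is part of the check.
auditd_running() {
    "$SERVICE_CMD" auditd status >/dev/null 2>&1
}

# Run every check, print one line each, and return the number of failures.
mde_check_all() {
    failures=0
    org=$(mde_normalize "$(mde_field org_id)")
    if [ -n "$org" ]; then echo "OK   onboarded to org $org"
    else echo "FAIL no org_id (device not onboarded or mdatp not installed)"; failures=$((failures + 1)); fi
    if mde_field_true healthy; then echo "OK   agent healthy"
    else echo "FAIL agent unhealthy (run: mdatp health --details)"; failures=$((failures + 1)); fi
    if mde_field_true real_time_protection_enabled; then echo "OK   real-time protection enabled"
    else echo "FAIL real-time protection disabled (run: mdatp config real-time-protection --value enabled)"; failures=$((failures + 1)); fi
    if auditd_running; then echo "OK   auditd running"
    else echo "FAIL auditd stopped (run: sudo service auditd start)"; failures=$((failures + 1)); fi
    return "$failures"
}

# When executed directly, run the checks; set MDE_CHECK_LIB=1 to source the functions only.
if [ "${MDE_CHECK_LIB:-0}" = "0" ]; then
    mde_check_all && echo "all MDE checks passed" || echo "some MDE checks failed"
fi
```

Because mde_check_all returns the number of failed checks, it can be chained into a cron job or monitoring probe that alerts whenever the return value is non-zero.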
What is Endpoint Protection and What does it do?
Endpoint Protection is a remote computing security service, a kind of API that connects to endpoints such as laptops, desktops, software applications and websites communicating on a network. It protects the data flowing across those endpoint connections and provides investigation and remediation for security incidents and alerts.
The market offers many free and premium versions that keep your data secure and protect the network.
Endpoint Protection or Antivirus? Which is Better?
Endpoint Protection is an advanced form of antivirus that adds the latest protections, such as next-generation protection and data leak protection.
What are the main uses of Endpoint Protection?
- Persistent Threat Detection
- Blocking Viruses
- Malware Protection
- Security Scanning
- Web Filtering
- Reduce Disk Functionality
- Provides Remediation about incidents and alerts