How to push policy to Linux devices from Intune - mattnovitsch/M365 GitHub Wiki

Summary

Now that we have onboarded devices with Microsoft Defender for Endpoint, we need a way to manage the policy. We could do it locally, but that becomes a pain at large scale. Your best option is to use a management tool such as Intune, Chef, or Puppet. I am not a Linux guru, but I know Intune, so we will focus on that route here.

  • Note: As of today, the method outlined on this page will not work for GovCloud customers.

Deployment steps

  1. Go to Defender XDR.
  2. Navigate to Settings > Endpoints > Enforcement Scope.
  3. Turn on "Use MDE to enforce security configuration settings from Intune".
  4. Turn on the Linux Device slider. If you only onboarded a few test devices, setting the radio button to "On All Devices" will work. If you have already onboarded all your devices, then I would recommend using "On Tagged Devices".
  • Note: If you select "On Tagged Devices", you will need to manually tag the devices you want to be managed with a tag of "MDE-Management".
  5. Save the page at the bottom.

  6. Go to Entra.
  7. Navigate to Groups > All groups, then select New group.
  8. Enter a group name and change the membership type to Dynamic Device, then click Add dynamic query.
  • Note: If you want the group to contain a specific set of devices, name it appropriately.
  9. The first property is managementType; it needs to be set to MicrosoftSense.
  10. The second property is deviceOSType; it needs to be set to Linux.
  11. Save this and repeat as needed.
  • Note: If you want to add additional settings like DisplayName to break the group down into targeted servers, repeat steps 8-11 as needed.
  12. Go back to Defender XDR.
  13. Navigate to Endpoints > Endpoint Security Policies > Linux Policies and select Create New Policy.
  14. Select Linux as the Platform and Microsoft Defender Antivirus as the Template.
  • Note: If you need separate exclusions for different server groups, I would recommend creating separate exclusion policies and deploying them to specific groups, so that processes are not blanket-excluded everywhere.
  15. Give your policy a name.
  16. The configuration settings depend on what your corporate policies are. These are the settings I turned on in my lab. Select Next to go to Assignments.
  17. On Assignments, select the group(s) we created before. You can enter as many groups as you want here.
  18. Review and create your policy.
  • Note: Depending on your environment, you may have multiple groups and policies.
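
The dynamic device group built in the Entra steps above can also be created by script, which keeps the membership rule reviewable and repeatable across server groups. The following is an added example, not part of the original page: it uses the Microsoft Graph PowerShell SDK, and the function name, group name, and name prefix are assumptions chosen for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Groups
# Added example: scripts the dynamic device group that the portal steps create.
# New-MdeLinuxDeviceGroup, the group name and the name prefix are hypothetical.

function New-MdeLinuxDeviceGroup {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [string] $NamePrefix   # optional: narrow the group to devices whose name starts with this
    )

    # The same two properties the portal rule builder sets.
    $clauses = @(
        '(device.managementType -eq "MicrosoftSense")',
        '(device.deviceOSType -eq "Linux")'
    )
    if ($NamePrefix) {
        # Refuse characters that would break out of the quoted rule value.
        if ($NamePrefix -match '["\\]') {
            throw 'NamePrefix must not contain quotes or backslashes.'
        }
        $clauses += "(device.displayName -startsWith `"$NamePrefix`")"
    }
    $rule = $clauses -join ' and '

    # Do not create a second group with the same name on a re-run.
    $escaped  = $DisplayName.Replace("'", "''")
    $existing = Get-MgGroup -Filter "displayName eq '$escaped'" -All
    if ($existing) {
        Write-Warning "Group '$DisplayName' already exists; rule: $($existing[0].MembershipRule)"
        return $existing[0]
    }

    New-MgGroup -DisplayName $DisplayName `
        -Description 'Linux devices managed through MDE security settings management' `
        -MailEnabled:$false `
        -MailNickname ($DisplayName -replace '[^A-Za-z0-9]', '') `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}

Connect-MgGraph -Scopes 'Group.ReadWrite.All'
$group = New-MdeLinuxDeviceGroup -DisplayName 'MDE-Linux-Web' -NamePrefix 'web'
"Created or found group $($group.Id)"
```

Dynamic membership is evaluated asynchronously, so the group can be empty for a while after creation; check its members before relying on the policy assignment.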

Support

If you need assistance with this process, Microsoft FastTrack can assist you. Please reach out to your FastTrack Architect, FastTrack Manager, or Customer Success Account Manager, or log a request through Request for Assistance.