Onboarding Linux servers with Microsoft Defender for Endpoint

Summary:

This will walk you through the process of onboarding Microsoft Defender for Endpoint on Redhat Linux devices.

Now we need to download the onboarding script to your workstation from Defender XDR:
Navigate to https://security.microsoft.com/
Navigate to Settings > Endpoints > Onboarding
Select Linux Servers and then Download onboarding package.
Unzip the file and remember its location.
Open an Administrative PowerShell.
We will use the SCP command to upload the py script to the Linux Server:
scp -P 22 .\MicrosoftDefenderATPOnboardingLinuxServer.py <username>@<IP Address or servername>:/home/<username>/Desktop/
• It should prompt you for your password.
Install yum-utils if it isn't installed yet: sudo yum install yum-utils sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/9/prod.repo
Install the Microsoft GPG public key: sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
Check and/or Install Python.
python --version
sudo dnf install python3
Install MDE
sudo yum install mdatp
Change directory to the location where you placed the onboarding package.
cd Desktop
Run the python script to create the onboarding package.
sudo python MicrosoftDefenderATPOnboardingLinuxServer.py
Check the MDE client is pointing to your tenant:
mdatp health --field org_id
You should see your OrgID returned, if you do then you are complete. It should show up in the console within 15 minutes to a couple of hours(mine were both in 15 minutes).

If you need to turn off or uninstall MDE from the device:

Now that we have the Linux device onboarded with MDE, we need to push policies to them. Please see the next section: How to push policy to Linux devices from Intune