Defender ATP - noobient/noobuntu GitHub Wiki

Obtain the onboarding package as explained in "Download the onboarding package", extract the included mdatp_onboard.json to ansible/roles/devenv/files, and set mdatp_deploy to True in ansible/roles/devenv/vars/main.yml.

Then run the devenv playbook and Defender ATP should be up and running.
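A pre-flight check for the two manual steps above, as an added example that is not part of the noobuntu repository. It assumes it is given the repository root and that python3 is available for the JSON check (skipped otherwise); the function name mdatp_preflight is hypothetical.

```shell
#!/bin/sh
# Added example: verify the onboarding file and the mdatp_deploy switch
# before running the devenv playbook. Paths are the ones named on this page.

mdatp_preflight() {
    repo_root="${1:-.}"
    onboard="$repo_root/ansible/roles/devenv/files/mdatp_onboard.json"
    vars="$repo_root/ansible/roles/devenv/vars/main.yml"
    rc=0

    # 1. The onboarding file must be where the role expects it, and non-empty.
    if [ ! -s "$onboard" ]; then
        echo "FAIL: $onboard is missing or empty" >&2
        rc=1
    # 2. It must parse as JSON (catches a truncated download or the wrong
    #    file copied out of the package). utf-8-sig tolerates a leading BOM.
    elif command -v python3 >/dev/null 2>&1 &&
         ! python3 -c 'import json,sys; json.load(open(sys.argv[1], encoding="utf-8-sig"))' \
             "$onboard" 2>/dev/null; then
        echo "FAIL: $onboard is not valid JSON" >&2
        rc=1
    fi

    # 3. mdatp_deploy must be enabled on an uncommented top-level line.
    if [ ! -f "$vars" ]; then
        echo "FAIL: $vars not found" >&2
        rc=1
    elif ! grep -Eiq '^mdatp_deploy:[[:space:]]*(true|yes)[[:space:]]*(#.*)?$' "$vars"; then
        echo "FAIL: mdatp_deploy is not set to True in $vars" >&2
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: onboarding file and mdatp_deploy are in place"
    fi
    return "$rc"
}

# Run the check only when a repository root is passed on the command line.
if [ "$#" -gt 0 ]; then
    mdatp_preflight "$1"
fi
```
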

You can try running a connectivity test:

mdatp --connectivity-test

Or perform a health check:

mdatp --health

The mdatp daemon's log files are stored under /var/log/microsoft/mdatp.

The Linux systems currently running Defender ATP can be managed in the Microsoft Defender Security Center.

You can see Defender ATP in action by downloading the EICAR test virus.