Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform.
Microsoft Defender Advanced Threat Protection is designed to help enterprises prevent, detect, investigate, and respond to advanced cyber threats on company endpoints from one central point.
Microsoft Defender ATP for Linux
Microsoft Defender ATP initially offered protection only for Windows devices (it was called Windows Defender ATP at the time), but the protection was extended to macOS devices in mid-2019.
“Adding Linux into the existing selection of natively supported platforms by Microsoft Defender ATP marks an important moment for all our customers. It makes Microsoft Defender Security Center a truly unified surface for monitoring and managing security of the full spectrum of desktop and server platforms that are common across enterprise environments (Windows, Windows Server, macOS, and Linux),” noted Helen Allas, a principal program manager at Microsoft.
Microsoft Defender ATP for Linux supports the most recent versions of CentOS Linux, Debian, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES) and Ubuntu.
“This initial release delivers strong preventive capabilities, a full command line experience on the client to configure and manage the agent, initiate scans, manage threats, and a familiar integrated experience for machines and alert monitoring in the Microsoft Defender Security Center,” Allas explained.
Microsoft Defender ATP for Linux requires the Microsoft Defender ATP for Servers license and can be deployed and configured using the Puppet or Ansible configuration management tool or the organization’s existing Linux configuration management tool.
Further requirements and info about deployment and use are available here.
Microsoft Defender ATP for Android
Microsoft also announced on Tuesday the public preview of Defender ATP for Android.
Microsoft Defender ATP for Android will automatically block access to unsafe/phishing websites from SMS/text, WhatsApp, email, browsers, and other apps, as well as block unsafe network connections that apps might make on the user’s behalf.
Users will be informed about it and asked if they want to proceed, report the block, or dismiss the notification.
Microsoft Defender ATP for Android is also capable of detecting malicious apps, potentially unwanted applications and malicious files on the protected device.
“Additional layers of protection against malicious access to sensitive corporate information are offered by integrating with Microsoft Endpoint Manager, which includes both Microsoft Intune and Configuration Manager,” explained Kanishka Srivastava, a senior program manager at Microsoft.
“For example, a compromised device would be blocked from accessing Outlook email. When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as ‘high risk’ and will flag it in the Microsoft Defender Security Center. Microsoft Intune uses the device’s risk level in conjunction with pre-defined compliance policies to activate Conditional Access rules that block access to corporate assets from the high risk device. (…) Once the malicious app is uninstalled, access to corporate assets is restored automatically for the mobile device.”
Enterprise admins will be able to see the alerts, threats and activities in the Microsoft Defender Security Center and make appropriate decisions.
Srivastava added that more capabilities for Android will be rolled out in the coming months and that Microsoft Defender ATP for iOS will be released later this year.