Linux Configuation

Linux commands for Microsoft Defender can be located at:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-resources?view=o365-worldwide

~~Block~~After installing Defender for Linux enable the block potentially unwanted applications (PUA) pfunctionality using:

sudo mdatp threat policy set --type potentially_unwanted_application --action block

Once this has been done add cron jobs using:

sudo crontab -e

~~This~~Add ~~cron~~this ~~job~~line ~~will~~to ~~run~~schedule a quick scan at 2:00 UTC Monday to Saturday, output will be placed in /var/log/mdatp_cron_job.log

00 2 * * 1-6 /usr/bin/mdatp scan quick > /var/log/mdatp_cron_job.log

~~This~~Add ~~cron~~this ~~job~~line ~~will~~to ~~run~~schedule a full scan at 2:00 UTC Sunday, output will be placed in /var/log/mdatp_cron_job.log

00 2 * * 0 /usr/bin/mdatp scan full > /var/log/mdatp_cron_job.log

Exit the editor saving your changes.

You may now log off from the server