Open-source applications tend to be short on protection

However, in recent years Microsoft has taken steps to change that, especially as it relates to Linux.

A few months back the company expanded those protections by adding endpoint detection and response (EDR) to Defender for Endpoint.

More recently Microsoft added that capability for Azure Defender customers as well. There is a fair amount of cross-pollination here because Linux distributions dominate virtual machine OSes on the Azure Cloud. That means these moves are very much in Microsoft's best interests.

Note that in order to make use of Defender's enhanced capabilities you'll need to be running Microsoft Defender for Endpoint version 101.45.13 or later.


Microsoft had this to say:

"The complete set of the previously released antivirus (AV) and EDR capabilities now applies to these newly added Linux distributions. [Threat and vulnerability management] coverage will be expanded with Amazon Linux and Fedora in coming months.

With behavior monitoring, Microsoft Defender for Endpoint on Linux protection is expanded to generically intercept whole new classes of threats such as ransomware, sensitive data collection, crypto mining and others. Behavior monitoring alerts appear in the Microsoft 365 Defender alongside all other alerts and can be effectively investigated.

Behavior monitoring provides effective measures against ransomware attacks which can be achieved using a variety of legitimate tools (for example, gpg, openssl) while carrying similar patterns from OS behavior perspective. Many of such patterns can be picked up by the behavior monitoring engine in a generic way."

Future enhancements will include the ability to monitor and protect against ransomware threats via machine learning techniques.


My perspective

This is big news for anyone using a Linux distribution. It's good to know that a company with vast resources like Microsoft is working to keep open-source OSes safe. Kudos to Microsoft for that.

It's as if Microsoft had said: "Live long and prosper."


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

