You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/linux-exclusions.md
+28Lines changed: 28 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -140,6 +140,34 @@ To configure exclusions from Puppet, Ansible, or another management console, ple
140
140
141
141
For more information, see [Set preferences for Defender for Endpoint on Linux](linux-preferences.md).
142
142
143
+
### Using Defender for Endpoint security settings management
144
+
145
+
As a security administrator, you can configure Defender for Endpoint exclusions using the Microsoft Defender portal. This method is referred to as Defender for Endpoint security settings management. If you're using this method for the first time, make sure to complete the following procedures:
146
+
147
+
#### 1. Configure your tenant to support security settings management
148
+
149
+
1. In the [Microsoft Defender portal](https://security.microsoft.com), navigate to **Settings** > **Endpoints** > **Configuration Management** > **Enforcement Scope**, and then select the Linux platform.
150
+
151
+
2. Tag devices with the `MDE-Management` tag. Most devices will enroll and apply the policy within minutes, though some may take up to 24 hours. For more information refer-[configure-your-tenant-to-support-defender-for-endpoint-security-settings-management](/mem/intune/protect/mde-security-integration?branch=main)
152
+
153
+
#### 2. Creating Microsoft Entra group
154
+
155
+
Create a dynamic Microsoft Entra group based on device OS Type to ensure all devices in Defender for Endpoint receive policies. This allows devices managed by Defender for Endpoint to be automatically added to the group, eliminating the need for admins to create new policies manually. For more information on how to manage Entra groups refer: [create-microsoft-entra-groups](https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#create-microsoft-entra-groups.md)
156
+
157
+
#### 3. Create an endpoint security policy
158
+
159
+
- Sign in to the <ahref="https://go.microsoft.com/fwlink/p/?linkid=2077139"target="_blank">Microsoft Defender portal</a> using at least a Security Administrator role.
160
+
- Select **Endpoints > Configuration management > Endpoint security policies** and then select **Create new Policy**.
161
+
- Select a platform as "Linux" from the dropdown list.
162
+
- Select the required exclusion template (`Microsoft defender global exclusion(AV+EDR) for global exclusions and Microsoft defender antivirus exclusions for antivirus exclusions`), then select **Create policy**.
163
+
- On the **Basics** page, enter a name and description for the profile, then choose **Next**.
164
+
- On the **Settings** page, expand each group of settings, and configure the settings you want to manage with this profile.
165
+
- When you're done configuring settings, select **Next**.
166
+
- On the **Assignments** page, select the groups that will receive this profile.
167
+
- Select **Next**.
168
+
- On the **Review + create** page, when you're done, select **Save**. The new profile is displayed in the list when you select the policy type for the profile you created.
169
+
For more information refer: [Manage endpoint security policies in Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/defender-endpoint/manage-security-policies?toc=%2Fmem%2Fintune%2Ftoc.json&bc=%2Fmem%2Fbreadcrumb%2Ftoc.json#create-an-endpoint-security-policy.md)
170
+
143
171
### Using the command line
144
172
145
173
Run the following command to see the available switches for managing exclusions:
0 commit comments