
Commit 3d1c6c6

Merge pull request #3190 from MicrosoftDocs/main
Published main to live, Wednesday 5:00 PM IST, 03/19
2 parents ba660ea + 7412172 commit 3d1c6c6

16 files changed

+64
-40
lines changed

defender-endpoint/TOC.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -297,6 +297,8 @@
297297
href: schedule-antivirus-scan-in-mde.md
298298
- name: Schedule antivirus scans using Crontab
299299
href: linux-schedule-scan-mde.md
300+
- name: Network protection for Linux
301+
href: network-protection-linux.md
300302
- name: Configure and validate exclusions on Linux
301303
href: linux-exclusions.md
302304
- name: Configure eBPF-based sensor
@@ -700,8 +702,6 @@
700702
href: evaluate-network-protection.md
701703
- name: Turn on network protection
702704
href: enable-network-protection.md
703-
- name: Network protection for Linux
704-
href: network-protection-linux.md
705705
- name: Network protection for MacOS
706706
href: network-protection-macos.md
707707
- name: Web protection
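Review bot: Removing the `Network protection for Linux` entry at old lines 703-704 leaves `Network protection for MacOS` as the only platform-specific entry next to `Turn on network protection`, so readers browsing that part of the TOC no longer find the Linux article. Either keep an entry for `network-protection-linux.md` here as well, or move the macOS entry to its platform section so both platforms are handled the same way.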

defender-endpoint/api/run-live-response.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -93,8 +93,8 @@ Before you can initiate a session on a device, make sure you fulfill the followi
9393
- 12 (Monterey)
9494
- 11 (Big Sur)
9595

96-
- **Linux Server**
97-
- [Supported Linux server distributions and kernel versions](../microsoft-defender-endpoint-linux.md)
96+
- **Linux servers**
97+
- [Supported Linux distributions](../mde-linux-prerequisites.md#supported-linux-distributions)
9898

9999
## Permissions
100100
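Review bot: The new link on line 97 targets `../mde-linux-prerequisites.md#supported-linux-distributions`, while other files touched in this commit still send readers to `microsoft-defender-endpoint-linux.md` (`mde-p1-setup-configuration.md`, `minimum-requirements.md`) or to `mde-linux-prerequisites.md` without the anchor (`edr-detection.md`). Pick one target for the supported Linux versions and use it in every changed file.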

defender-endpoint/defender-endpoint-demonstration-network-protection.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ Network Protection helps reduce the attack surface of your devices from Internet
3131
## Scenario requirements and setup
3232

3333
- Client devices must be running Windows 11, Windows 10 version 1709 build 16273 or newer, or macOS
34-
- Server device must be running Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 (with the new unified client), or Linux Server.
34+
- Server devices must be running Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 (with the new unified client), or Linux.
3535
- Microsoft Defender Antivirus
3636

3737
## Windows
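Review bot: The reworded server bullet on line 34 lists the Windows Server releases by name but leaves Linux unqualified, so it reads as if any Linux version is acceptable. Link it to the supported distributions, as the `edr-detection.md` change in this commit does with `mde-linux-prerequisites.md`.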

defender-endpoint/edr-detection.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ ms.date: 03/04/2025
2929

3030
- Windows client devices must be running Windows 11, Windows 10 version 1709 build 16273 or newer, Windows 8.1, or Windows 7 SP1.
3131
- Windows server devices must be running Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2008 R2 SP1.
32-
- Linux Server
32+
- Linux servers must be running a supported version (see [Prerequisites for Microsoft Defender for Endpoint on Linux](mde-linux-prerequisites.md))
3333
- Devices must be onboarded to Defender for Endpoint
3434

3535
Endpoint detection and response for Endpoint provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
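Review bot: The new Linux bullet on line 32 links to `mde-linux-prerequisites.md` without the `#supported-linux-distributions` anchor that `api/run-live-response.md` uses in this same commit, so readers land at the top of the article instead of the version list. Add the anchor, and end the bullet with a period to match the two Windows bullets above it.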

defender-endpoint/mde-p1-setup-configuration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ The following table lists the basic requirements for Defender for Endpoint Plan
5252
| Licensing requirements | Defender for Endpoint Plan 1 (standalone, or as part of Microsoft 365 E3, A3, or G3) |
5353
| Browser requirements | Microsoft Edge <br/> Internet Explorer version 11 <br/> Google Chrome |
5454
| Operating systems (client) | Windows 11<br/>Windows 10, version 1709, or later<br/>[macOS](microsoft-defender-endpoint-mac.md)<br/>[iOS](microsoft-defender-endpoint-ios.md) <br/>[Android OS](microsoft-defender-endpoint-android.md) |
55-
| Operating systems (server) | Windows Server 2025 <br/>Windows Server 2022<br/>Windows Server 2019<br/>Windows Server version 1803 and later<br/>Windows Server 2016 and 2012 R2 are supported when using the [modern unified solution](configure-server-endpoints.md#functionality-in-the-modern-unified-solution)<br/>[Linux Server](microsoft-defender-endpoint-linux.md) |
55+
| Operating systems (server) | Windows Server 2025 <br/>Windows Server 2022<br/>Windows Server 2019<br/>Windows Server version 1803 and later<br/>Windows Server 2016 and 2012 R2 are supported when using the [modern unified solution](configure-server-endpoints.md#functionality-in-the-modern-unified-solution)<br/>[Linux](microsoft-defender-endpoint-linux.md) |
5656
| Datacenter | One of the following datacenter locations: <br/>- European Union <br/>- United Kingdom <br/>- United States |
5757

5858
> [!NOTE]

defender-endpoint/migrating-mde-server-to-cloud.md

Lines changed: 22 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ ms.collection:
1313
- m365-security
1414
- tier2
1515
ms.custom: migrationguides
16-
ms.date: 03/17/2025
16+
ms.date: 03/18/2025
1717
search.appverid: met150
1818
---
1919

@@ -24,65 +24,66 @@ search.appverid: met150
2424
- Microsoft Defender for Endpoint for servers
2525
- Microsoft Defender for Servers Plan 1 or Plan 2
2626

27-
This article guides you in migrating servers from Microsoft Defender for Endpoint Server to Defender for Servers (part of Defender for Cloud).
27+
This article guides you in migrating servers from Defender for Endpoint for servers to Defender for Servers (part of Defender for Cloud).
2828

29-
[Microsoft Defender for Endpoint](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. The Microsoft Defender for Endpoint Server license enables you to onboard servers to Defender for Endpoint.
29+
[Defender for Endpoint](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. The Defender for Endpoint Server license enables you to onboard servers to Defender for Endpoint.
3030

31-
[Microsoft Defender for Cloud](https://azure.microsoft.com/services/defender-for-cloud/) is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration. It also helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats.
31+
[Defender for Cloud](https://azure.microsoft.com/services/defender-for-cloud/) is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration. It also helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats.
3232

33-
While both products offer server protection capabilities, Microsoft Defender for Cloud is our primary solution to protect infrastructure resources, including servers.
33+
While both products offer server protection capabilities, Defender for Cloud is our primary solution to protect infrastructure resources, such as servers.
3434

35-
## How do I migrate my servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud?
35+
## How do I migrate my servers from Defender for Endpoint to Defender for Cloud?
3636

3737
If you have servers onboarded to Defender for Endpoint, the migration process varies depending on machine type, but there's a set of shared prerequisites.
3838

39-
Microsoft Defender for Cloud is a subscription-based service in the Microsoft Azure portal. Therefore, Defender for Cloud and the underlying plans like Microsoft Defender for Servers Plan 2 need to be enabled on Azure subscriptions.
39+
Defender for Cloud is a subscription-based service in the Microsoft Azure portal. Therefore, Defender for Cloud and the underlying plans like Defender for Servers Plan 2 need to be enabled on Azure subscriptions.
4040

4141
To enable Defender for Servers for Azure VMs and non-Azure machines connected through [Azure Arc-enabled servers](/azure/azure-arc/servers/overview), follow this guideline:
4242

4343
1. If you aren't already using Azure, plan your environment following the [Azure Well-Architected Framework](/azure/architecture/framework/).
4444

45-
2. Enable [Microsoft Defender for Cloud](/azure/defender-for-cloud/get-started) on your subscription.
45+
2. Enable [Defender for Cloud](/azure/defender-for-cloud/get-started) on your subscription.
4646

47-
3. Enable a Microsoft Defender for Server plan on your [subscription(s)](/azure/defender-for-cloud/enable-enhanced-security). In case you're using Defender for Servers Plan 2, make sure to also enable it on the Log Analytics workspace your machines are connected to; it enables you to use optional features like File Integrity Monitoring, Adaptive Application Controls, and more.
47+
3. Enable a Defender for Servers plan on your [subscription](/azure/defender-for-cloud/enable-enhanced-security). In case you're using Defender for Servers Plan 2, make sure to also enable it on the Log Analytics workspace your machines are connected to. It enables you to use optional features like File Integrity Monitoring, Adaptive Application Controls, and more.
4848

49-
4. Make sure the [MDE integration](/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows) is enabled on your subscription. If you have pre-existing Azure subscriptions, you might see one (or both) of the two opt-in buttons shown in the image below.
49+
4. Make sure the [Defender for Endpoint integration](/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows) is enabled on your subscription. If you have preexisting Azure subscriptions, you might see one (or both) of the two opt-in buttons shown in the following image:
5050

51-
:::image type="content" source="media/mde-integration.png" alt-text="Screenshot that shows how to enable MDE integration." lightbox="media/mde-integration.png":::
51+
:::image type="content" source="media/mde-integration.png" alt-text="Screenshot that shows how to enable Defender for Endpoint integration." lightbox="media/mde-integration.png":::
5252

5353
If you have any of these buttons in your environment, make sure to enable integration for both. On new subscriptions, both options are enabled by default. In this case, you don't see these buttons in your environment.
5454

55-
5. Make sure the connectivity requirements for Azure Arc are met. Microsoft Defender for Cloud requires all on-premises and non-Azure machines to be connected via the Azure Arc agent. In addition, Azure Arc doesn't support all MDE supported operating systems. So, learn how to plan for [Azure Arc deployments here](/azure/azure-arc/servers/plan-at-scale-deployment).
55+
5. If you're planning to use Azure Arc, make sure the connectivity requirements are met. Defender for Cloud requires all on-premises and non-Azure machines to be connected via the Azure Arc agent. In addition, Azure Arc doesn't support all Defender for Endpoint supported operating systems. So, learn how to plan for [Azure Arc deployments here](/azure/azure-arc/servers/plan-at-scale-deployment).
5656

5757
6. *Recommended:* If you want to see vulnerability findings in Defender for Cloud, make sure to enable [Microsoft Defender Vulnerability Management](/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-va) for Defender for Cloud.
5858

5959
:::image type="content" source="media/enable-threat-and-vulnerability-management.png" alt-text="Screenshot that shows how to enable vulnerability management." lightbox="media/enable-threat-and-vulnerability-management.png":::
6060

61-
## How do I migrate existing Azure VMs to Microsoft Defender for Cloud?
61+
## How do I migrate existing Azure VMs to Defender for Cloud?
6262

63-
For Azure VMs, no extra steps are required, these are automatically onboarded to Microsoft Defender for Cloud, thanks to the native integration between the Azure platform and Defender for Cloud.
63+
For Azure VMs, no extra steps are required. These devices are automatically onboarded to Defender for Cloud because of the native integration between the Azure platform and Defender for Cloud.
6464

65-
## How do I migrate on-premises machines to Microsoft Defender for Servers?
65+
## How do I migrate on-premises machines to Defender for Servers?
6666

67-
Once all prerequisites are met, [connect](/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc) your on-premises machines via Azure Arc-connected servers.
67+
Once all prerequisites are met, [connect](/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc) your on-premises machines via Azure Arc-connected servers or enable direct onboarding.
6868

6969
## How do I migrate VMs from AWS or GCP environments?
7070

71-
1. Create a new multicloud connector on your subscription. (For more information on connector, see [AWS accounts](/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings) or [GCP projects](/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings).
71+
1. Create a new multicloud connector on your subscription. For more information on connector, see [AWS accounts](/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings) or [GCP projects](/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings).
7272

7373
2. On your multicloud connector, enable Defender for Servers on [AWS](/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings#prerequisites) or [GCP](/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings#configure-the-servers-plan) connectors.
7474

75-
3. Enable autoprovisioning on the multicloud connector for the Azure Arc agent, Microsoft Defender for Endpoint extension, Vulnerability Assessment and, optionally, Log Analytics extension.
75+
3. Enable autoprovisioning on the multicloud connector for the Azure Arc agent, Defender for Endpoint extension, Vulnerability Assessment and, optionally, Log Analytics extension.
7676

7777
:::image type="content" source="media/select-plans-aws-gcp.png" alt-text="Screenshot that shows how to enable autoprovisioning for Azure Arc agent." lightbox="media/select-plans-aws-gcp.png":::
7878

7979
For more information, see [Defender for Cloud's multicloud capabilities](https://aka.ms/mdcmc).
8080

8181
## What happens once all migration steps are completed?
8282

83-
After you complete the relevant migration steps, Microsoft Defender for Cloud deploys the `MDE.Windows` or `MDE.Linux` extension to your Azure VMs and non-Azure machines connected through Azure Arc (including VMs in AWS and GCP compute).
83+
After you complete the relevant migration steps, Defender for Cloud deploys the `MDE.Windows` or `MDE.Linux` extension to your Azure VMs and non-Azure machines connected through Azure Arc (including VMs in AWS and GCP compute).
8484

85-
The extension acts as a management and deployment interface, which orchestrates and wraps the MDE installation scripts inside the operating system and reflect its provisioning state to the Azure management plane. The installation process recognizes an existing Defender for Endpoint installation and connects it to Defender for Cloud by automatically adding Defender for Endpoint service tags.
85+
The extension acts as a management and deployment interface, which orchestrates and wraps the Defender for Endpoint installation scripts inside the operating system and reflect its provisioning state to the Azure management plane. The installation process recognizes an existing Defender for Endpoint installation and connects it to Defender for Cloud by automatically adding Defender for Endpoint service tags.
86+
87+
In case you have devices running Windows Server 2012 R2 or Windows Server 2016, and those devices are provisioned with the legacy, Log Analytics-based Defender for Endpoint solution, Defender for Cloud's deployment process deploys the Defender for Endpoint [unified solution](configure-server-endpoints.md#functionality-in-the-modern-unified-solution). After successful deployment, it stops and disables the legacy Defender for Endpoint process on these machines.
8688

87-
In case you have devices running Windows Server 2012 R2 or Windows Server 2016, and those devices are provisioned with the legacy, Log Analytics-based Microsoft Defender for Endpoint solution, Microsoft Defender for Cloud's deployment process deploys the Defender for Endpoint [unified solution](configure-server-endpoints.md#functionality-in-the-modern-unified-solution). After successful deployment, it will stop and disable the legacy Defender for Endpoint process on these machines.
8889
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
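Review bot: Step 5 on line 55 now opens with "If you're planning to use Azure Arc" and line 67 adds "or enable direct onboarding", but the next sentence of step 5 still says Defender for Cloud "requires all on-premises and non-Azure machines to be connected via the Azure Arc agent", and line 83 only describes extension deployment to machines "connected through Azure Arc". Reword those two sentences so they agree with direct onboarding being an option, and link "direct onboarding" to its article, since line 67 gives no pointer. Two smaller points on touched lines: line 85 keeps "orchestrates and wraps ... and reflect" (should be "reflects"), and line 29 still says "Defender for Endpoint Server license" while line 27 was changed to "Defender for Endpoint for servers".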

defender-endpoint/minimum-requirements.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ To add anti-malware protection to these older operating systems, you can use [Sy
113113
### Other supported operating systems
114114

115115
- [Mac](microsoft-defender-endpoint-mac.md) (client devices)
116-
- [Linux Server](microsoft-defender-endpoint-linux.md)
116+
- [Linux](microsoft-defender-endpoint-linux.md)
117117
- [Windows Subsystem for Linux](mde-plugin-wsl.md)
118118
- [Android](microsoft-defender-endpoint-android.md)
119119
- [iOS](microsoft-defender-endpoint-ios.md)

defender-endpoint/network-protection-linux.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ sudo apt install -y mdatp
8080

8181
### Device Onboarding
8282

83-
To onboard the device, you must download the Python onboarding package for Linux server from Microsoft Defender XDR -> Settings -> Device Management -> Onboarding and run:
83+
To onboard the device, you must download the Python onboarding package for Linux server from the Microsoft Defender portal. Go to **Settings** > **Device Management** > **Onboarding**, and then run the following command:
8484

8585
```bash
8686
sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py
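Review bot: The rewritten sentence on line 83 ends the portal navigation with "and then run the following command", which reads as if the command is run in the portal rather than on the device. Split it into one sentence for downloading the package from **Settings** > **Device Management** > **Onboarding** and a second that says to run the command on the Linux device. The sentence also keeps "Linux server" while this commit drops "Server" from Linux references in other files.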

defender-endpoint/non-windows.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ For more details on how to get started, visit the Defender for Endpoint on macOS
4343

4444
## Microsoft Defender for Endpoint on Linux
4545

46-
Microsoft Defender for Endpoint on Linux offers preventative antivirus (AV), endpoint detection and response (EDR), and vulnerability management capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool. Security Management for Microsoft Defender for Endpoint is now supported on Linux. For information about the key features and benefits, read our
46+
Microsoft Defender for Endpoint on Linux offers preventative antivirus (AV), endpoint detection and response (EDR), and vulnerability management capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool. Security Management for Microsoft Defender for Endpoint is now supported on Linux. For information about the key features and benefits, read our
4747
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux).
4848

4949
For more details on how to get started, visit the Microsoft Defender for Endpoint on Linux [documentation](microsoft-defender-endpoint-linux.md).
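Review bot: Line 46 keeps a hardcoded version list ("RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, ...") that can drift from the prerequisites article this commit links from other files. Replace the list with a link to `mde-linux-prerequisites.md#supported-linux-distributions`. The first sentence also still scopes the capabilities to "Linux servers", which no longer matches the edited "Linux distributions" wording later in the paragraph.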
