Merge pull request #4937 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 4b7db9510901 · 2025-09-04T20:32:20.000Z
[AutoPublish] main to live - 09/04 13:30 PDT | 09/05 02:00 IST
diff --git a/defender-endpoint/TOC.yml b/defender-endpoint/TOC.yml
@@ -267,20 +267,22 @@
               href: mde-linux-prerequisites.md
             - name: Choose a deployment method
               items:
-              - name: Installer script based deployment
-                href: linux-installer-script.md
               - name: Enabling deployment to a custom location
                 href: linux-custom-location-installation.md
+              - name: Installer script based deployment
+                href: linux-installer-script.md
               - name: Ansible based deployment
                 href: linux-install-with-ansible.md
               - name: Chef based deployment
                 href: linux-deploy-defender-for-endpoint-with-chef.md
               - name: Puppet based deployment
                 href: linux-install-with-puppet.md
-              - name: Saltstack-based deployment
+              - name: Saltstack based deployment
                 href: linux-install-with-saltack.md
               - name: Manual deployment
                 href: linux-install-manually.md
+              - name: Golden image based deployment
+                href: linux-deploy-defender-for-endpoint-using-golden-images.md
               - name: Direct onboarding with Defender for Cloud
                 href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
           - name: Configure Defender for Endpoint on Linux
diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-using-golden-images.md b/defender-endpoint/linux-deploy-defender-for-endpoint-using-golden-images.md
@@ -0,0 +1,117 @@
+---
+title: Deploy Microsoft Defender for Endpoint on Linux using golden images
+description: Learn how to use preconfigured virtual machine templates (golden images) for rapid, consistent Microsoft Defender for Endpoint deployment on Linux.
+ms.service: defender-endpoint
+ms.author: painbar
+author: paulinbar
+ms.reviewer: meghapriya
+ms.localizationpriority: medium
+manager: bagol
+audience: ITPro
+ms.collection:
+- m365-security
+- tier3
+- mde-linux
+ms.topic: install-set-up-deploy
+ms.subservice: linux
+search.appverid: met150
+ms.date: 09/04/2025
+---
+
+# Deploy Microsoft Defender for Endpoint on Linux using golden images
+
+[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
+
+**Applies to:**
+
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
+
+Golden images are preconfigured virtual machine templates used to rapidly deploy consistent environments. Microsoft Defender for Endpoint on Linux supports golden image deployment across cloud and on-premises environments, with improved handling of machine identifiers and hostnames, ensuring reliable telemetry and device correlation.
+
+This guide walks you through:
+
+- Deploying Microsoft Defender for Endpoint on a golden image.
+
+- Preparing the image for cloning.
+
+- Ensuring unique identifiers for each virtual machine instance.
+
+- Specific steps for cloud and on-premises environments.
+
+## Step 1: Deploy Microsoft Defender for Endpoint on a golden image
+
+1. Prepare the base virtual machine
+
+   - Install your preferred [supported Linux distribution](./mde-linux-prerequisites.md#supported-linux-distributions) and apply all necessary system updates.
+
+1. Deploy Microsoft Defender for Endpoint on a golden image
+
+   There are several methods and tools that you can use to deploy Microsoft Defender for Endpoint on Linux (applicable to AMD64 and ARM64 Linux servers):
+
+   - [Installer script based deployment](./linux-installer-script.md)
+
+   - [Ansible based deployment](./linux-install-with-ansible.md)
+
+   - [Chef based deployment](./linux-deploy-defender-for-endpoint-with-chef.md)
+
+   - [Puppet based deployment](./linux-install-with-puppet.md)
+
+   - [SaltStack based deployment](./linux-install-with-saltack.md)
+
+   - [Manual deployment](./linux-install-manually.md)
+
+   - [Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)
+
+   - [Guidance for Defender for Endpoint on Linux Server with SAP](./mde-linux-deployment-on-sap.md)
+
+1. Validate the deployment
+
+   Check the health status of the product by running the following command. A return value of `true` denotes that the product is functioning as expected:
+
+   ```bash
+   mdatp health
+   ```
+
+> [!NOTE]
+> Once Defender is successfully deployed on the golden image, there's no requirement to install and onboard it individually on each cloned machine.
+
+## Step 2: Prepare the golden image for cloning
+
+When deploying Defender for Endpoint on virtual machines, the hardware UUID reported by the system (system-uuid from dmidecode) is used to uniquely identify each instance.
+
+Before making a snapshot of the virtual machine, ensure that each virtual machine clone gets a unique hardware UUID, as described in the following sections.
+
+### On-premises machines
+
+For on-premises environments, configure your virtualization platform so that each clone receives a unique hardware UUID from the underlying hypervisor. Follow these guidelines:
+
+**KVM/libvirt**
+
+- Don't hard-code the `<uuid>` element in the virtual machine's domain XML; if it's omitted, libvirt generates a random one at definition time.
+
+- Alternatively, explicitly create a new UUID using `uuidgen`.
+
+- For streamlined cloning, use `virt-clone` or `virt-manager`, which automatically assign unique UUIDs.
+
+**VMware**
+
+- During cloning, VMware prompts whether to keep the existing UUID or to create a new one. Always select **Create**, or configure `uuid.action = "create"` in the virtual machine's *.vmx* file.
+
+- In VMware Cloud Director, set `backend.cloneBiosUuidOnVmCopy = 0` to force the creation of new UUIDs.
+
+**Hyper-V**
+
+Hyper-V automatically generates a new hardware UUID when you create a virtual machine using Hyper-V Manager or PowerShell ([New-VM](/powershell/module/hyper-v/new-vm)).
+
+### Cloud virtual machines
+
+Cloud platforms (for example, Azure, AWS, GCP) automatically inject unique metadata and identifiers via their instance metadata services (IMDS). No manual steps are required. Microsoft Defender for Endpoint automatically detects and uses these values to generate unique machine IDs.
+
+## Hostname Management
+
+If the hostname of a Linux server is changed after successful deployment of Defender, then you must restart the `mdatp` service to ensure the new hostname is correctly recognized by product.
+
+## Related content
+
+[!INCLUDE [Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-office-365/email-authentication-dkim-configure.md b/defender-office-365/email-authentication-dkim-configure.md
@@ -110,7 +110,7 @@ Points to address or value: selector2-<CustomDomainWithDashes>._domainkey.<Initi
 - **\<CustomDomainWithDashes\>**: The custom domain or subdomain with periods replaced by dashes. For example, `contoso.com` becomes `contoso-com`, or `marketing.contoso.com` becomes `marketing-contoso-com`.
 - **\<InitialDomainPrefix\>**: The custom part of the \*.onmicrosoft.com you used to enroll in Microsoft 365. For example, if you used `contoso.onmicrosoft.com`, the value is `contoso`.
 - **\<DynamicPartitionCharacter\>**: A dynamically generated character that's used for both selectors (for example, r or n). The value is automatically assigned by Microsoft when you add a new custom domain and enable DKIM. The value is determined by Microsoft's internal routing logic and isn't configurable.
-  - This value is part of the updated DKIM record format for new custom domains in Microsoft 365 introduced in May 2025. Existing custom domains and initial domains continue to use the old DKIM format:
+  - **This value is part of the updated DKIM record format for new custom domains in Microsoft 365 introduced in May 2025**. Existing custom domains and initial domains continue to use the old DKIM format:
 
     ```text
     Hostname: selector1._domainkey
@@ -193,7 +193,7 @@ Proceed if the domain satisfies these requirements.
    |Microsoft.Exchange.ManagementTasks.ValidationException|CNAME record does not
    exist for this config. Please publish the following two CNAME records first. Domain Name
    : contoso.com Host Name : selector1._domainkey Points to address or value: selector1-
-   contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft.com Host Name : selector2._domainkey
+   contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft Host Name : selector2._domainkey
    Points to address or value: selector2-contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft .
    If you have already published the CNAME records, sync will take a few minutes to as
    many as 4 days based on your specific DNS. Return and retry this step later.
