Merge pull request #2064 from lakshmyav/docs-editor/linux-support-offline-security-1733146813

denisebmsft · web-flow · commit 57bd08eaacef · 2024-12-02T06:51:51.000-08:00
Update linux-support-offline-security-intelligence-update.md
diff --git a/defender-endpoint/linux-support-offline-security-intelligence-update.md b/defender-endpoint/linux-support-offline-security-intelligence-update.md
@@ -15,7 +15,7 @@ ms.collection:
 - mde-linux
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 10/11/2024
+ms.date: 12/02/2024
 ---
 
 # Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux 
@@ -165,7 +165,9 @@ Once hosted, copy the absolute path of the hosted server (up to and not includin
 
 For example, if the script is executed with `downloadFolder=/tmp/wdav-update`, and the HTTP server (`www.example.server.com:8000`) is hosting the `/tmp/wdav-update` path, the corresponding URI is: `www.example.server.com:8000/linux/production/`
 
-Once the Mirror Server is set up, we need to propagate this URL to the Linux endpoints using the Managed Configuration as described in the next section.
+We can also use the absolute path of directory (local / remote mount point) like `/tmp/wdav-update/linux/production`.
+
+Once the Mirror Server is set up, we need to propagate this URL to the Linux endpoints as the `offlineDefinitionUpdateUrl` in the Managed Configuration as described in the next section.
 
 ## Configure the Endpoints
 
@@ -182,17 +184,17 @@ Once the Mirror Server is set up, we need to propagate this URL to the Linux end
         "offlineDefintionUpdateFallbackToCloud":false,
         "offlineDefinitionUpdate": "enabled"
       },
-    "features": {
-    "offlineDefinitionUpdateVerifySig": "enabled"
-    }
+      "features": {
+        "offlineDefinitionUpdateVerifySig": "enabled"
+      }
     }
     ```
 
 | Field Name                                | Values               | Comments                                            |
 |-------------------------------------------|----------------------|-----------------------------------------------------|
 | `automaticDefinitionUpdateEnabled`        | `True` / `False`         | Determines the behavior of Defender for Endpoint attempting to perform updates automatically, is turned on or off respectively. |
 | `definitionUpdatesInterval`               | Numeric              | Time of interval between each automatic update of signatures (in seconds). |
-| `offlineDefinitionUpdateUrl`              | String               | URL value generated as part of the Mirror Server set up. |
+| `offlineDefinitionUpdateUrl`              | String               | URL value generated as part of the Mirror Server set up. This can be either in terms of the remote server URL, or a directory (local / remote mount point). |
 | `offlineDefinitionUpdate`                 | `enabled` / `disabled`   | When set to `enabled`, the offline security intelligence update feature is enabled, and vice versa. |
 | `offlineDefinitionUpdateFallbackToCloud`  | `True` / `False`         | Determine Defender for Endpoint security intelligence update approach when offline Mirror Server fails to serve the update request. If set to true, the update is retried via the Microsoft cloud when offline security intelligence update failed, else vice versa. |
 | `offlineDefinitionUpdateVerifySig`        | `enabled` / `disabled`     | When set to `enabled`, downloaded definitions are verified on the endpoints, else vice versa. |
@@ -287,16 +289,6 @@ offline_definition_update_fallback_to_cloud : false[managed]
   mdatp definitions update
   ```
 
-### Known Issues:
-
-Offline signature update might fail in the following scenario:  
-
-   You enabled the feature, applied the signature updates, then disabled the feature to apply further signature updates from cloud, and subsequently re-enabled the feature for additional signature updates.
-
-Mitigation steps:  
-
-A fix for this issue is planned to release soon. 
-
 ## Useful Links
 
 ### Downloader script
