Merge pull request #2080 from meghapriyams/docs-editor/microsoft-defender-endpoint-li-1733229630

Update microsoft-defender-endpoint-linux.md

Author: denisebmsft

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,11 +15,14 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 12/04/2024
+ms.date: 12/10/2024
 ---
 
 # Microsoft Defender for Endpoint on Linux
 
+> [!TIP]
+> We are excited to share that Microsoft Defender for Endpoint on Linux now extends support for ARM64-based Linux servers in preview! For more information, see [Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md).
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
@@ -47,37 +50,13 @@ Microsoft Defender for Endpoint for Linux includes anti-malware and endpoint det
 > [!NOTE]
 > Microsoft Defender for Endpoint on Linux agent is independent from [OMS agent](/azure/azure-monitor/agents/agents-overview#log-analytics-agent). Microsoft Defender for Endpoint relies on its own independent telemetry pipeline.
 
-### Installation instructions
-
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint on Linux. Before you begin, make sure the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md) are met.
-
-You can use one of the following methods to deploy Microsoft Defender for Endpoint on Linux:
-
-- To use command-line tool, see [Manual deployment](linux-install-manually.md)
-- To use Puppet, see [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
-- To use Ansible, see [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
-- To use Chef, see [Deploy using Chef configuration management tool](linux-deploy-defender-for-endpoint-with-chef.md)
-- To use Saltstack, see [Deploy using Saltstack configuration management tool](linux-install-with-saltack.md)
-
-If you experience any installation failures, see [Troubleshooting installation failures in Microsoft Defender for Endpoint on Linux](linux-support-install.md).
-
-> [!IMPORTANT]
-> Installing Microsoft Defender for Endpoint in any location other than the default install path is not supported.
-> Microsoft Defender for Endpoint on Linux creates an `mdatp` user with random UID and GID. If you want to control the UID and GID, create an `mdatp` user prior to installation using the  `/usr/sbin/nologin` shell option. Here's an example: `mdatp:x:UID:GID::/home/mdatp:/usr/sbin/nologin`.
-
 ### System requirements
 
-- Disk space: 2 GB
-
-  > [!NOTE]
-  > An additional 2 GB disk space might be needed if cloud diagnostics are enabled for crash collections. Please make sure that you have free disk space in /var.
-
-- Cores: Two minimum, four preferred
+- 1 CPU core minimum. For high-performance workloads, more cores are recommended.
 
-  > [!NOTE]
-  > If you are on Passive or RTP ON mode, at least two Cores are required. Four Cores are preferred. If you are turning on BM, then at least four Cores are required.
+- Memory: At least 1 GB of RAM. For high-performance workloads, more memory might be needed.
 
-- Memory: 1 GB minimum, 4 GB preferred
+- Performance tuning might be needed based on workloads. See [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](linux-support-perf.md).
 
 - The following Linux server distributions and x64 (AMD64/EM64T) and x86_64 versions are supported:
   - Red Hat Enterprise Linux 7.2 or higher
@@ -100,19 +79,28 @@ If you experience any installation failures, see [Troubleshooting installation f
   - Fedora 33-38 
   - Rocky 8.7 and higher
   - Rocky 9.2 and higher 
-  - Alma 8.4 and higher
+  - Alma 8.4 and higher 
   - Alma 9.2 and higher 
   - Mariner 2
+
+- The following Linux server distributions on ARM64 are now supported in preview:
+  - Ubuntu 20.04 ARM64
+  - Ubuntu 22.04 ARM64
+  - Amazon Linux 2 ARM64
+  - Amazon Linux 2023 ARM64
 
+  > [!IMPORTANT]
+  > Support for Microsoft Defender for Endpoint on Linux for ARM64-based Linux devices is now in preview. For more information, see [Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md). 
+   
   > [!NOTE]
   > Distributions and version that are not explicitly listed are unsupported (even if they are derived from the officially supported distributions).
   > After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that which are listed in this section are provided for technical upgrade support only.
   > Microsoft Defender Vulnerability Management is not supported on Rocky and Alma currently.
   > Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.
-
+  
   > [!CAUTION]
   > Running Defender for Endpoint on Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system. If there are any other applications on the system that use `fanotify` in blocking mode, applications are listed in the `conflicting_applications` field of the `mdatp health` command output. The Linux **FAPolicyD** feature uses `fanotify` in blocking mode, and is therefore unsupported when running Defender for Endpoint in active mode. You can still safely take advantage of Defender for Endpoint on Linux EDR functionality after configuring the antivirus functionality Real Time Protection Enabled to [Passive mode](linux-preferences.md#enforcement-level-for-antivirus-engine).
-
+  
 - List of supported filesystems for RTP, Quick, Full, and Custom Scan.
 
    |RTP, Quick, Full Scan| Custom Scan|
@@ -141,6 +129,25 @@ If you experience any installation failures, see [Troubleshooting installation f
 
 - /opt/microsoft/mdatp/sbin/wdavdaemon requires executable permission. For more information, see "Ensure that the daemon has executable permission" in [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](linux-support-install.md).
 
+### Installation instructions
+
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint on Linux. Before you begin, make sure the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md) are met.
+
+You can use one of the following methods to deploy Microsoft Defender for Endpoint on Linux:
+
+- To use command-line tool, see [Manual deployment](linux-install-manually.md)
+- To use Puppet, see [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
+- To use Ansible, see [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
+- To use Chef, see [Deploy using Chef configuration management tool](linux-deploy-defender-for-endpoint-with-chef.md)
+- To use Saltstack, see [Deploy using Saltstack configuration management tool](linux-install-with-saltack.md)
+- To install on ARM64-based Linux servers, see [Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md).
+
+If you experience any installation failures, see [Troubleshooting installation failures in Microsoft Defender for Endpoint on Linux](linux-support-install.md).
+
+> [!IMPORTANT]
+> Installing Microsoft Defender for Endpoint in any location other than the default install path is not supported.
+> Microsoft Defender for Endpoint on Linux creates an `mdatp` user with random UID and GID. If you want to control the UID and GID, create an `mdatp` user prior to installation using the  `/usr/sbin/nologin` shell option. Here's an example: `mdatp:x:UID:GID::/home/mdatp:/usr/sbin/nologin`.
+
 ### External package dependency
 
 If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies. The following external package dependencies exist for the mdatp package:
@@ -149,7 +156,7 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende
 - For RHEL6 the mdatp RPM package requires `audit`, `policycoreutils`, `libselinux`, and `mde-netfilter`
 - For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`, `auditd`, and `mde-netfilter`
 
-The mde-netfilter package also has the following package dependencies:
+The`mde-netfilter` package also has the following package dependencies:
 
 - For DEBIAN the mde-netfilter package requires `libnetfilter-queue1`, and `libglib2.0-0`
 - For RPM the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`