Commit 81d531d

Deploy dfs using golden images
1 parent 1d34d71 commit 81d531d

1 file changed

+153
-0
lines changed

@@ -0,0 +1,153 @@
1+
---
2+
title: Deploy Microsoft Defender for Endpoint on Linux using golden images
3+
description: Learn how to use preconfigured virtual machine templates (golden images) for rapid, consistent Microsoft Defender for Endpoint deployment on Linux.
4+
ms.service: defender-endpoint
5+
ms.author: painbar
6+
author: paulinbar
7+
ms.reviewer: meghapriya
8+
ms.localizationpriority: medium
9+
manager: bagol
10+
audience: ITPro
11+
ms.collection:
12+
- m365-security
13+
- tier3
14+
- mde-linux
15+
ms.topic: install-set-up-deploy
16+
ms.subservice: linux
17+
search.appverid: met150
18+
ms.date: 08/26/2025
19+
---
20+
21+
# Deploy Microsoft Defender for Endpoint on Linux using golden images (preview)
22+
23+
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
24+
25+
**Applies to:** ??Do we need applies to?
26+
27+
Golden images are preconfigured virtual machine templates used to rapidly deploy consistent environments. Microsoft Defender for Endpoint on Linux supports golden image deployment with improved handling of machine identifiers and hostnames, ensuring reliable telemetry and device correlation.
28+
29+
This guide walks you through:
30+
31+
- Installing Microsoft Defender for Endpoint on a golden image.
32+
33+
- Preparing the image for cloning.
34+
35+
- Ensuring unique identifiers for each VM instance.
36+
37+
- Specific steps for cloud and on-premises environments
38+
39+
## Step-by-Step: Installing MDE on a Golden Image
40+
41+
1. Prepare the Base VM
42+
43+
- Install your preferred Linux distribution.
44+
45+
- Apply all necessary system updates.
46+
47+
- Install required dependencies for MDE.
48+
49+
1. Install Microsoft Defender for Endpoint
50+
51+
There are several methods and tools that you can use to deploy Microsoft Defender for Endpoint on Linux (applicable to AMD64 and ARM64 Linux servers):
52+
53+
- [Installer script based deployment](./linux-installer-script.md)
54+
55+
- [Ansible based deployment](./linux-install-with-ansible.md)
56+
57+
- [Chef based deployment](./linux-deploy-defender-for-endpoint-with-chef.md)
58+
59+
- [Puppet based deployment](./linux-install-with-puppet.md)
60+
61+
- [SaltStack based deployment](./linux-install-with-saltack.md)
62+
63+
- [Manual deployment](./linux-install-manually.md)
64+
65+
- [Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)
66+
67+
- [Guidance for Defender for Endpoint on Linux Server with SAP](./mde-linux-deployment-on-sap.md)
68+
69+
1. Validate Installation
70+
71+
Ensure MDE is running and registered:
72+
73+
```bash
74+
mdatp health
75+
```
76+
77+
## Preparing the Golden Image for Cloning
78+
79+
Before snapshotting the VM, follow these steps to ensure each clone will have a unique machine identity:
80+
81+
**On-Premises VMs**
82+
83+
**A. Inject a New SMBIOS UUID**
84+
85+
- **KVM/libvirt**: Omit the \<uuid\> element in domain XML or set a fresh UUID using:
86+
87+
- uuidgen
88+
89+
- **VMware/Hyper-V**: Enable platform settings to generate a new BIOS GUID during clone or conversion.
90+
91+
**B. Regenerate OS Machine ID**
92+
93+
Run the following commands:
94+
95+
rm -f /etc/machine-id /var/lib/dbus/machine-id
96+
97+
systemd-machine-id-setup
98+
99+
dbus-uuidgen \--ensure=/var/lib/dbus/machine-id
100+
101+
**C. Validate Metadata Post-Clone**
102+
103+
After cloning, verify:
104+
105+
- CloudMetadata
106+
107+
- dmidecode
108+
109+
- sysfs values
110+
111+
- Hardware GUID
112+
113+
If mismatched, update the MachineInfo and save all values back to the MDE state file.
114+
115+
**Cloud VMs**
116+
117+
Cloud platforms (e.g., Azure, AWS, GCP) automatically inject unique metadata and identifiers via their instance metadata services (IMDS). No manual steps are required.
118+
119+
MDE will automatically detect and use these values to generate unique machine IDs.
120+
121+
**Hostname Management**
122+
123+
- Hostnames are now stored persistently during installation.
124+
125+
- If you wish to change the hostname, **restart the service** to ensure consistent identifier updates.
126+
127+
**Summary**
128+
129+
By following this guide, you can confidently deploy MDE on Linux using golden images across cloud and on-premises environments. This ensures:
130+
131+
- Unique and consistent device identifiers
132+
133+
- Reliable telemetry
134+
135+
- Smooth device correlation in the security portal
136+
137+
138+
139+
## Related content
140+
141+
- [Prerequisites for Defender for Endpoint on Linux](mde-linux-prerequisites.md)
142+
143+
- Deployment methods:
144+
- [Installer script based deployment](linux-installer-script.md)
145+
- [Ansible based deployment](linux-install-with-ansible.md)
146+
- [Chef based deployment](linux-deploy-defender-for-endpoint-with-chef.md)
147+
- [Puppet based deployment](linux-install-with-puppet.md)
148+
- [Saltstack based deployment](linux-install-with-saltack.md)
149+
- [Connect your non-Azure machines to Defender for Cloud with Defender for Endpoint](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint) (direct onboarding using Defender for Cloud)
150+
- [Deployment guidance for Defender for Endpoint on Linux for SAP](mde-linux-deployment-on-sap.md)
151+
- [Deploy Defender for Endpoint on Linux manually](linux-install-manually.md)
152+
153+
[!INCLUDE [Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
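
Review bot: In "B. Regenerate OS Machine ID" (new lines 91-99) the commands are listed under "Before snapshotting the VM", but running `rm -f /etc/machine-id /var/lib/dbus/machine-id` and then `systemd-machine-id-setup` on the golden image writes a fresh ID into the template, and every clone taken from that snapshot inherits it. Say explicitly whether these three commands are meant to run on each clone at first boot, or change the pre-snapshot step so the image is captured without a generated machine ID. The same commands, and `uuidgen` in step A, are plain paragraphs and a bullet rather than a bash fence like the `mdatp health` block, and `\--ensure` carries a stray backslash escape, so fence them. New line 25 still holds the author placeholder "**Applies to:** ??Do we need applies to?", which should be resolved or dropped before merge. Step C tells the reader to "update the MachineInfo and save all values back to the MDE state file" without naming the file or the command that does it, so the instruction cannot be followed as written.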
