Merge pull request #2251 from meghapriyams/docs-editor/linux-install-with-saltack-1735035071

Update linux-install-with-saltack.md

Author: denisebmsft

defender-endpoint/linux-install-with-saltack.md

@@ -15,34 +15,28 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 12/04/2024
+ms.date: 12/24/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on Linux with Saltstack
 
-[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
-
 **Applies to**:
 
 - Microsoft Defender for Endpoint Server
 - [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint)
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink)
 
-This article describes how to deploy Defender for Endpoint on Linux using Saltstack. A successful deployment requires the completion of all of the following tasks:
 
-- [Download the onboarding package](#download-the-onboarding-package)
-- [Create Saltstack state files](#create-saltstack-state-files)
-- [Deployment](#deployment)
-- [Reference](#reference)
+This article describes how to deploy Defender for Endpoint on Linux using Saltstack. A successful deployment requires the completion of all of the steps in this article.
 
 [!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)]
 
 ## Prerequisites and system requirements
 
 Before you get started, see [the main Defender for Endpoint on Linux page](microsoft-defender-endpoint-linux.md) for a description of prerequisites and system requirements for the current software version.
 
-In addition, for Saltstack deployment, you need to be familiar with Saltstack administration, have Saltstack installed, configure the Master and Minions, and know how to apply states. Saltstack has many ways to complete the same task. These instructions assume availability of supported Saltstack modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Refer to the [Saltstack documentation](https://docs.saltproject.io/) for details.
+In addition, for Saltstack deployment, you need to be familiar with Saltstack administration, have Saltstack installed, configure the Master and Minions, and know how to apply states. Saltstack has many ways to complete the same task. These instructions assume availability of supported Saltstack modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. For more information, see [Saltstack documentation](https://docs.saltproject.io/).
 
 Here are a few important points:
 
@@ -66,38 +60,58 @@ Here are a few important points:
 
 4. On the SaltStack Master, extract the contents of the archive to the SaltStack Server's folder (typically `/srv/salt`):
 
-    ```bash
-    ls -l
-    ```
+   ```bash
+   unzip WindowsDefenderATPOnboardingPackage.zip -d /srv/salt/mde
+   ```
 
-    ```console
-    total 8
-    -rw-r--r-- 1 test  staff  4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip
-    ```
+   ```console
+   Archive:  WindowsDefenderATPOnboardingPackage.zip
+   inflating: /srv/salt/mde/mdatp_onboard.json
+   ```
 
-    ```bash
-    unzip WindowsDefenderATPOnboardingPackage.zip -d /srv/salt/mde
-    ```
+## Create Saltstack state files
 
-    ```console
-    Archive:  WindowsDefenderATPOnboardingPackage.zip
-    inflating: /srv/salt/mde/mdatp_onboard.json
-    ```
+There are two ways you can create the Saltstack state files:
 
-## Create Saltstack state files
+- **Use the installer Script (recommended):** With this method, the script automates deployment by installing the agent, onboarding the device to the [Microsoft Defender portal](https://security.microsoft.com), and configuring the repositories to pick the correct agent compatible with your Linux distribution.
+
+- **Manually configure the repositories:** With this method, repositories must be configured manually along with selecting agent version compatible with your Linux distribution. This method gives you more granular control over the deployment process.
+
+### Create Saltstack state files using the installer script
+
+1. Pull the [installer bash script](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh) from Microsoft GitHub Repository, or use the following command to download it:
+
+   ```bash
+   wget https://raw.githubusercontent.com/microsoft/mdatp-xplat/refs/heads/master/linux/installation/mde_installer.sh /srv/salt/mde/
+   ```
+
+
+2. Create the state file `/srv/salt/install_mdatp.sls` with the following content. The same can be downloaded from [GitHub](https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/third_party_installation_playbooks/salt.install_mdatp_simplified.sls)
+
+   ```bash
+   #Download the mde_installer.sh: https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh
+    install_mdatp_package:
+      cmd.run:
+        - name: /srv/salt/mde/mde_installer.sh --install --onboard /srv/salt/mde/mdatp_onboard.json
+        - shell: /bin/bash
+        - unless: 'pgrep -f mde_installer.sh'
+   ```
+  
+> [!NOTE]
+> The installer script also supports other parameters such as channel (insiders-fast, insiders-slow, prod (default) ), realtime protection, version, etc. To select from the list of available options, check help through the following command:
+>```./mde_installer.sh --help```
+
+### Create Saltstack state files by manually configuring repositories
 
 In this step, you create a SaltState state file in your configuration repository (typically `/srv/salt`) that applies the necessary states to deploy and onboard Defender for Endpoint. Then, you add the Defender for Endpoint repository and key: `install_mdatp.sls`.
 
 > [!NOTE]
 > Defender for Endpoint on Linux can be deployed from one of the following channels:
-> 
 > - *insiders-fast*, denoted as `[channel]`
 > - *insiders-slow*, denoted as `[channel]`
 > - *prod*, denoted as `[channel]` using the version name (see [Linux Software Repository for Microsoft Products](/linux/packages))
 > 
-> Each channel corresponds to a Linux software repository.
-> 
-> The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow*, and lastly by *prod*.
+> Each channel corresponds to a Linux software repository. The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow*, and lastly by *prod*.
 > 
 > In order to preview new features and provide early feedback, it's recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*.
 
@@ -106,7 +120,7 @@ In this step, you create a SaltState state file in your configuration repository
 
 1. Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/[distro]/`.
 
-   In the following commands, replace *[distro]* and *[version]* with your information.
+2. In the following commands, replace *[distro]* and *[version]* with your information.
 
    > [!NOTE]
    > In case of Oracle Linux and Amazon Linux 2, replace *[distro]* with "rhel". For Amazon Linux 2, replace *[version]* with "7". For Oracle utilize, replace *[version]* with the version of Oracle Linux.
@@ -134,7 +148,7 @@ In this step, you create a SaltState state file in your configuration repository
        {% endif %}
    ```
 
-2. Add the package installed state to `install_mdatp.sls` after the `add_ms_repo` state as previously defined.
+3. Add the package installed state to `install_mdatp.sls` after the `add_ms_repo` state as previously defined.
 
    ```console
    install_mdatp_package:
@@ -185,7 +199,7 @@ In this step, you create a SaltState state file in your configuration repository
    - required: install_mdatp_package
    ```
 
-5. Create a SaltState state file in your configuration repository (typically `/srv/salt`) that applies the necessary states to offboard and remove Defender for Endpoint. Before using the offboarding state file, you need to download the offboarding package from the Security portal and extract it in the same way you did the onboarding package. The downloaded offboarding package is only valid for a limited period of time.
+5. Create a SaltState state file in your configuration repository (typically `/srv/salt`) that applies the necessary states to offboard and remove Defender for Endpoint. Before using the offboarding state file, you need to download the offboarding package from the [Microsoft Defender portal](https://security.microsoft.com) and extract it in the same way you did the onboarding package. The downloaded offboarding package is only valid for a limited period of time.
 
 6. Create an Uninstall state file `uninstall_mdapt.sls` and add the state to remove the `mdatp_onboard.json` file.
 
@@ -199,7 +213,7 @@ In this step, you create a SaltState state file in your configuration repository
        - name: /etc/opt/microsoft/mdatp/mdatp_onboard.json
    ```
 
-6. Add the offboarding file deployment to the `uninstall_mdatp.sls` file after the `remove_mde_onboarding_file` state defined in the previous section.
+7. Add the offboarding file deployment to the `uninstall_mdatp.sls` file after the `remove_mde_onboarding_file` state defined in the previous section.
 
    ```console
     offboard_mde:
@@ -208,7 +222,7 @@ In this step, you create a SaltState state file in your configuration repository
        - source: salt://mde/mdatp_offboard.json
    ```
 
-7. Add the removal of the MDATP package to the `uninstall_mdatp.sls` file after the `offboard_mde` state defined in the previous section.
+8. Add the removal of the MDATP package to the `uninstall_mdatp.sls` file after the `offboard_mde` state defined in the previous section.
 
    ```console
    remove_mde_packages:
@@ -233,10 +247,9 @@ In this step, you create a SaltState state file in your configuration repository
         - name: mdatp
    ```
 
-## Deployment
-
-In this step, you apply the state to the minions. The following command applies the state to machines with the name that begins with `mdetest`.
+## Deploy Defender on Endpoint using the state files created earlier
 
+This step applies to both the installer script or manual configuration method. In this step, you apply the state to the minions. The following command applies the state to machines with the name that begins with `mdetest`.
 
 1. Installation:
 
@@ -263,20 +276,35 @@ In this step, you apply the state to the minions. The following command applies
    salt 'mdetest*' state.apply uninstall_mdatp
    ```
 
-## Log installation issues
+## Troubleshoot installation issues
+
+To troubleshoot issues:
+
+1. For information on how to find the log that's generated automatically when an installation error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
+
+2. For information about common installation issues, see [Installation issues](/defender-endpoint/linux-support-install).
 
-For more information on how to find the automatically generated log that's created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
+3. If the health of the device is `false`, see [Defender for Endpoint agent health issues](/defender-endpoint/health-status).
+
+4. For product performance issues, see [Troubleshoot performance issues](/defender-endpoint/linux-support-perf).
+
+5. For proxy and connectivity issues, see [Troubleshoot cloud connectivity issues](/defender-endpoint/linux-support-connectivity).
+
+To get support from Microsoft, open a support ticket, and provide the log files created by using the [client analyzer](/defender-endpoint/run-analyzer-macos-linux).
+
+## How to configure policies for Microsoft Defender on Linux
+
+You can configure antivirus or EDR settings on your endpoints using any of the following methods:
+
+- See [Set preferences for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-preferences).
+- See [security settings management](/mem/intune/protect/mde-security-integration) to configure settings in the Microsoft Defender portal.
 
 ## Operating system upgrades
 
-When upgrading your operating system to a new major version, you must first uninstall Defender for Endpoint on Linux, install the upgrade, and finally reconfigure Defender for Endpoint on Linux on your device.
+When upgrading your operating system to a new major version, you must first uninstall Defender for Endpoint on Linux, install the upgrade, and finally reconfigure Defender for Endpoint on your Linux device.
 
 ## Reference
 
 - [SALT Project documentation](https://docs.saltproject.io/en/latest/topics/about_salt_project.html)
 
-## See also
-
-- [Investigate agent health issues](health-status.md)
-
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]