Open-source applications don’t get much in the way of protection.

However in recent years Microsoft has taken steps to change that and especially as it relates to Linux.

A few months back the company expanded those protections by adding endpoint detection and response (EDR) to Defender for Endpoint.

More recently Microsoft added that capability for Azure Defender customers as well. There is a fair amount of cross-pollination here because Linux distributions dominate virtual machine OSes on the Azure Cloud. That means these moves are very much in Microsoft’s best interests.

Note that in order to make use of Defender’s enhanced capabilities you’ll need to be running Microsoft Defender for Endpoint version 101.45.13 or later.

Microsoft had this to say about the changes:

“The complete set of the previously released antivirus (AV) and EDR capabilities now applies to these newly added Linux distributions. [Threat and vulnerability management] coverage will be expanded with Amazon Linux and Fedora in coming months.

With behavior monitoring, Microsoft Defender for Endpoint on Linux protection is expanded to generically intercept whole new classes of threats such as ransom sensitive data collection, crypto mining and others. Behavior monitoring alerts appear in the Microsoft 365 Defender alongside all other alerts and can be effectively investigated.

Behavior monitoring provides effective measures against ransomware attacks which can be achieved using a variety of legitimate tools (for example, gpg, openssl) while carrying similar patterns from OS behavior perspective. Many of such patterns can be picked up by the behavior monitoring engine in a generic way.”

Future enhancements will include the ability to monitor and protect against ransomware threats via machine learning techniques.

This is big news for anyone using a Linux distribution. It’s good to know that a company with vast resources like Microsoft is working to keep open-source OSes safe. Kudos to Microsoft for that.