For organizations that run Linux server endpoints, Microsoft has launched a public preview of a new feature that should give IT admins a little more control over security updates.
In a post on the Microsoft Defender for Endpoint blog, the company revealed it has launched a public preview of its Offline Security Intelligence Update. It allows one server in an organization to connect to a cloud server from Microsoft to get the latest security signatures. That server can then be used to deliver those signatures to a group's Linux server endpoints, without any of those servers having to go online to get them.
The blog post points out a number of advantages to this setup. For example, if an IT admin had concerns about the latest security signatures, they could download them on one server and then test them with a Linux endpoint server offline. This allows the admin to make sure they work before they are sent to all the endpoints.
An organization's bandwidth use can also be cut down, again because just one server is connected to the cloud. Also, that local but cloud-connected server can run Windows, Mac, or Linux without having to use Defender for Endpoint on that server.
If there are any issues, this setup does have backups. Microsoft stated:
"For every update, signature with n-1 version is moved to a backup folder on the local server. In case of any issue with the latest signature, you can pull the n-1 signature version from the backup folder to your endpoints. On the rare occasion offline update fails, you can also choose to fall back to online update directly from Microsoft Cloud."
Users who want this offline setup should update their version of Defender for Endpoint to version 101.24022.000 or above. You can learn more about how to set up the local server and the Linux endpoint servers at this support page.