Microsoft Defender for Endpoint on Linux and MacOS – Mandatory Update to ‘Required’ URLs List

Originally posted by Microsoft Jul 12, 2022 Microsoft 365 suite 0 Comments

We recently announced the general availability and gradual roll-out of our enhanced anti-malware engine for Linux and macOS.

Note: If your organization is not using Linux or macOS you can safely disregard this message.

When this will happen:

Starting July 31, 2022, access to certain Microsoft URLs will be *required* to ensure uninterrupted cloud-delivered protection on your Linux and macOS systems behind a proxy.

How this will affect your organization:

Organizations that have not allow-listed access to the below mentioned URLs by July 31, 2022 will be unable to download threat definition updates required for effective anti-malware protection.

What you need to do to prepare:

To ensure Microsoft Defender Antivirus cloud-delivered protection works correctly, your security/IT team must configure your network/proxy/internet settings to allow connections between your endpoints and certain Microsoft URLs. To support the new Microsoft Defender for Endpoint on Linux and macOS anti-malware engine enhancements, you must allow-list within the proxy ecosystem in your environment the following URL endpoints:

• go.microsoft.com
• definitionupdates.microsoft.com
• https://www.microsoft.com/security/encyclopedia/adlpackages.aspx
• *.wdcp.microsoft.com
• *.wd.microsoft.com

Version Requirements: Minimum version requirements to enable a smooth transition:

1. The minimum Microsoft Defender for Endpoint version number must be 101.62.64 Feb 2022 build
2. Soon after migration begins, versions older than 101.62.64 will stop getting protection updates

Note: Additionally, to support definitions storage in non-standard locations (outside of /var) for definition updates please ensure that you are at version 101.71.18.

Additional information is available in our documentation and also on our blog.

Message ID: MC399488