MC1388718Microsoft Defender for Endpoint: Update to Linux connectivity requirements with new service URLs to allowlist
Summary
Microsoft Defender for Endpoint on Linux now requires allowlisting new service URLs specific to tenant types for delivering internal configuration updates, feature rollouts, and critical issue mitigations. This update is available worldwide, with no change to user experience, and ensures devices receive the latest features and optimizations.
More information
What and Why
We’ve made updates to Microsoft Defender for Endpoint on Linux network connectivity requirements.
As part of this update, Defender for Endpoint on Linux now uses new service URLs to deliver internal configuration updates and new capabilities.
Rollout schedule
- General Availability (Worldwide, GCC, GCC High, DoD): Available now
Impact on your organization
Who is affected
- Organizations using Microsoft Defender for Endpoint on Linux devices
Platforms and services
- Microsoft Defender for Endpoint
- Linux endpoints
What will happen
- Defender for Endpoint on Linux now uses the following service URLs to deliver internal configuration updates and new capabilities:
- Important:
- You only need to allowlist the URL applicable to your tenant type.
- URLs containing skype, teams, or office are shared Microsoft infrastructure endpoints (not tied to those products), with these terms retained as a legacy artifact for backward compatibility.
- These URLs are used to securely deliver internal configuration updates from Microsoft to Defender for Endpoint agents running on Linux devices to support the following scenarios:
- Mitigation of critical issues - In rare cases, configuration updates can be rapidly deployed to adjust or disable specific features to contain impact while a permanent fix is developed.
- Runtime configurations - Microsoft continuously monitors endpoint health and performance and may push internal configuration updates to optimize resource usage and improve detection accuracy.
- Feature rollout and innovation - These URLs are used to roll out new features and enhancements in a phased manner. While capabilities are delivered through these endpoints, enabling or disabling specific features remains under customer control. For example, a feature such as Behaviour Monitoring may be made available via these URLs, but customers can choose whether to enable it.
- We understand the importance of transparency and control. While the contents of these configurations are internal to Microsoft and not externally exposed, they are validated and governed by strict security and compliance standards. These updates do not modify customer-defined policies or configurations.
- If the required URL is not allowlisted, devices may:
- Miss critical configuration updates
- Not receive the latest product features and enhancements
- There is no change to user experience.
Action required or recommendations
- Review your network configuration and ensure that the appropriate URL for your tenant type is allowlisted for outbound connectivity from Linux endpoints.
- No action is required if the appropriate URL is already allowlisted.
Learn more:
- Microsoft Defender for Endpoint streamlined connectivity URLs - commercial | Microsoft Defender for Endpoint | Microsoft Defender | Microsoft Learn
- Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments | Microsoft Defender for Endpoint | Microsoft Learn
Compliance considerations
No compliance considerations identified. Review as appropriate for your organization.