Forum Discussion
dillont
Mar 04, 2025 (Copper Contributor)
MDE configuration for Linux via managed JSON
Per this Microsoft article, a JSON file is being used to configure basic MDE settings on Debian 11 servers:
{
   "antivirusEngine":{
      "enforcementLevel":"real_time",
      "threatTypeSettings":[
         {
            "key":"potentially_unwanted_application",
            "value":"block"
         },
         {
            "key":"archive_bomb",
            "value":"audit"
         }
      ]
   },
   "cloudService":{
      "automaticDefinitionUpdateEnabled":true,
      "automaticSampleSubmissionConsent":"safe",
      "enabled":true
   }
}
Despite the setting to configure PUA protection in block mode, the Defender portal shows a security recommendation which states: "Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux". The server has been rebooted and mdatp health has been confirmed. Why might Defender still think that PUA protection isn't on?
- luchete (Steel Contributor)
Hello dillont,
It could be a sync or reporting delay between the Defender client on your Debian server and the Defender portal. You might try running mdatp health again to check if the setting is actually applied. Also, ensure that Defender has the latest definitions and that the JSON file was correctly processed. If the issue persists, you may need to force a policy sync or reapply the configuration.
Hope it helps!
Regards
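
Added example, not part of the thread or of Microsoft's tooling: one way to rule out the managed JSON itself before looking at sync or reporting delay is to lint the file for the PUA entry. It only inspects the file's contents, not what the agent or portal reports; the function names and the list of accepted action values are assumptions, and the sample is a constructed copy of the profile in the question.

```python
import json
import sys

# Constructed sample: the profile quoted in the question, compacted.
SAMPLE_PROFILE = """{
  "antivirusEngine": {
    "enforcementLevel": "real_time",
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "block"},
      {"key": "archive_bomb", "value": "audit"}
    ]
  }
}"""

PUA_KEY = "potentially_unwanted_application"
ALLOWED_ACTIONS = ("audit", "block", "off")  # assumption: accepted action values

def _no_duplicate_keys(pairs):
    # json.loads keeps only the last of two repeated keys; treat that as an error.
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate keys: {dupes}")
    return dict(pairs)

def check_pua_block(profile_text):
    """Return a list of problems; an empty list means PUA is set to 'block'."""
    try:
        profile = json.loads(profile_text, object_pairs_hook=_no_duplicate_keys)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return [f"profile does not parse: {exc}"]
    engine = profile.get("antivirusEngine") if isinstance(profile, dict) else None
    settings = engine.get("threatTypeSettings") if isinstance(engine, dict) else None
    if not isinstance(settings, list):
        return ["antivirusEngine.threatTypeSettings is missing or not a list"]
    actions = [s.get("value") for s in settings
               if isinstance(s, dict) and s.get("key") == PUA_KEY]
    if len(actions) != 1:
        return [f"expected exactly one {PUA_KEY} entry, found {len(actions)}"]
    if actions[0] not in ALLOWED_ACTIONS:
        return [f"{PUA_KEY} has unrecognised value {actions[0]!r}"]
    if actions[0] != "block":
        return [f"{PUA_KEY} is {actions[0]!r}, not 'block'"]
    return []

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PROFILE
    print(check_pua_block(text) or "PUA protection is configured as block")
```

Run it with the path of the deployed managed profile as the only argument; an empty result means the file is well-formed and requests block mode, so the mismatch lies elsewhere.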