Defender for Endpoint: Broad Support for Linux Servers

• Defender for Endpoint supports a wide range of Linux distributions running on VMs and physical servers.
• The feature set is on par with what is available for Windows Server.
• Defender for Endpoint supports systems running on x64 and Arm64 releases of Linux.
• The appeal of Defender for Endpoint on Linux will depend greatly on a customer’s mix of Windows and Linux.

Defender for Endpoint now supports numerous distributions of Linux on x64 and Arm64 hardware running on physical servers and VMs. (Microsoft’s on-premises Endpoint Protection software no longer supports non-Windows platforms.) Defender for Endpoint competes with a range of third-party endpoint detection and response (EDR) solutions with Linux support, including offerings from CrowdStrike, Red Canary, and SentinelOne. The appeal of Defender for Endpoint on Linux will depend on a customer’s mix of Windows and Linux. Those with significant investments outside of Windows, including Linux servers or Mac laptops, may find third-party solutions offer a more consistent set of features. But customers predominantly using Windows may find several benefits to using Defender for Endpoint EDR on their Linux servers. These benefits include the integration of incident data from Linux systems into the same tooling as their Windows systems and the inclusion of EDR billing as a part of their Azure spend (regardless of where the Linux server is hosted).