Microsoft Defender for Endpoint: Update to Linux connectivity requirements with new service URLs to allowlist

🚨 The Signal: Microsoft Defender for Endpoint on Linux now uses new service URLs for configuration updates. Organisations must allowlist these URLs to ensure continued security updates and functionality for Linux endpoints, maintaining their security posture.

The Impact

Security teams face a potential loss of endpoint protection on Linux devices if network allowlists are not updated, which increases exposure.

  • Security Teams: Risk of Linux endpoints not receiving critical security updates.
  • Network Administrators: Required to update firewall rules or proxy configurations.
  • Linux Endpoint Users: Potential for reduced protection if updates are blocked.

The Action

  1. Identify your Microsoft 365 tenant type (Commercial, DoD, GCC High, GCC Moderate).
  2. Locate the new service URL applicable to your tenant type: e.g., Commercial: https://config.edge.skype.com/config/v1.
  3. Update network allowlists (firewalls, proxies) to permit outbound connectivity to the identified URL.
  4. Verify that Defender for Endpoint on Linux endpoints are successfully receiving configuration updates.
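
One way to check steps 3 and 4 from a Linux endpoint, as an added example that is not Microsoft's tooling or part of the original notice: probe the service URL with curl and translate the result into the likely allowlist problem. The function names and verdict strings are hypothetical; only the Commercial URL comes from this page, and URLs for other tenant types must be supplied by the operator.

```shell
#!/bin/sh
# Added example: probe outbound access to the Defender for Endpoint config URL.
# Only the Commercial URL appears on this page; pass other tenant URLs explicitly.
COMMERCIAL_URL="https://config.edge.skype.com/config/v1"

# Map a curl exit status and an HTTP status code to an allowlist verdict.
classify_probe() {
    curl_exit=$1
    http_code=$2
    case "$curl_exit" in
        0)  ;;                                   # HTTP response received; inspect it below
        5)  echo "proxy-dns-failure"; return ;;  # configured proxy name did not resolve
        6)  echo "dns-failure"; return ;;        # service host name did not resolve
        7)  echo "connect-failed"; return ;;     # TCP connect failed, e.g. firewall reject
        28) echo "timeout"; return ;;            # no answer in time, e.g. silent drop
        35|60) echo "tls-failure"; return ;;     # handshake or certificate error, e.g. TLS inspection
        *)  echo "curl-error-$curl_exit"; return ;;
    esac
    case "$http_code" in
        407) echo "proxy-auth-required" ;;       # proxy reached but demands credentials
        403) echo "possibly-blocked" ;;          # may be a proxy block page; check proxy logs
        000) echo "no-http-response" ;;
        *)   echo "reachable" ;;                 # any other status shows the path is open
    esac
}

# Probe one URL and print "<url> <verdict>".
probe_url() {
    url=$1
    http_code=$(curl --silent --output /dev/null --max-time 10 \
        --write-out '%{http_code}' "$url") && curl_exit=0 || curl_exit=$?
    echo "$url $(classify_probe "$curl_exit" "$http_code")"
}

# Usage: ./check.sh --probe [URL]   (defaults to the Commercial URL)
if [ "${1:-}" = "--probe" ]; then
    probe_url "${2:-$COMMERCIAL_URL}"
fi
```

curl honours the `https_proxy` environment variable, so run the probe with the same proxy settings the endpoint uses for Defender traffic.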

Domain: Defender · Impact: high · Workload: Microsoft Defender · Essential Eight: Patch Operating Systems, Application Control · ISM: ISM-0843, ISM-1407, ISM-1490, ISM-1501, ISM-1544, ISM-1582, ISM-1621, ISM-1622, ISM-1623, ISM-1654, ISM-1655, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1694, ISM-1695, ISM-1696, ISM-1701, ISM-1702, ISM-1870, ISM-1871, ISM-1877, ISM-1889, ISM-1902