Microsoft has a preview of its Offline Security Intelligence Update for Linux endpoints

Microsoft has released a public preview of a new feature that will enable IT administrators to have more control over security updates for organizations using Linux endpoints for their servers.

The company announced on the Microsoft Defender for Endpoint blog that a public preview of its Offline Security Intelligence Update is now available. This update allows a single server within an organization to connect to a Microsoft cloud server and retrieve the most recent security signatures. These signatures can then be distributed to the Linux servers within the organization without the need for them to connect to the internet.

The blog post outlines several benefits of this particular setup. One such advantage is the ability for an IT administrator to download the latest security signatures onto a single server and test them with a Linux endpoint server while offline. This feature enables the administrator to ensure the proper functioning of the signatures before deploying them to all endpoints.

An organization's bandwidth usage can also be reduced when only one server is connected to the cloud. Furthermore, the local server that connects to the cloud can run an operating system such as Windows, Mac, or Linux, and does not require Defender for Endpoint to be installed on it.

If problems arise, this setup keeps backups available. Microsoft confirmed this, stating:

For every update, signature with n-1 version is moved to a backup folder on the local server. In case of any issue with the latest signature, you can pull the n-1 signature version from the backup folder to your endpoints. On the rare occasion offline update fails, you can also choose to fall back to online update directly from Microsoft Cloud.

To obtain this offline setup, users must ensure that their Defender for Endpoint is updated to version 101.24022.000 or higher.
