Configure Microsoft Defender for Endpoint on Linux for static proxy discovery
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Microsoft Defender for Endpoint can discover a proxy server using the HTTPS_PROXY environment variable. This setting must be configured both at installation time and after the product has been installed.
Installation time configuration
During installation, the HTTPS_PROXY environment variable must be passed to the package manager. The package manager can read this variable in any of the following ways:
- The HTTPS_PROXY variable is defined in /etc/environment with the following line:
- The HTTPS_PROXY variable is defined in the package manager global configuration. For example, in Ubuntu 18.04, you can add the following line to
Note that the above two methods could define the proxy to use for other applications on your system. Use this method with caution, or only if this is meant to be a generally global configuration.
- The HTTPS_PROXY variable is prepended to the installation or uninstallation commands. For example, with the APT package manager, prepend the variable as follows when installing Microsoft Defender for Endpoint:
HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
Do not add sudo between the environment variable definition and apt, otherwise the variable will not be propagated.
The HTTPS_PROXY environment variable may similarly be defined during uninstallation.
Note that installation and uninstallation will not necessarily fail if a proxy is required but not configured. However, telemetry will not be submitted, and the operation could take much longer due to network timeouts.
Post installation configuration
After installation, configure Defender for Endpoint with static proxy using the following method:
mdatp config proxy set --value http://address:port
This method works for every distribution of Defender for Endpoint on Linux and is recommended.
The HTTPS_PROXY environment variable must be defined in the Defender for Endpoint service file. To do this, run sudo systemctl edit --full mdatp.service.
You can then propagate the variable to the service in one of two ways:
- Uncomment the line #Environment="HTTPS_PROXY=http://address:port" and specify your static proxy address.
- Add a line EnvironmentFile=/path/to/env/file. This path can point to /etc/environment or a custom file, either of which needs to add the following line:
After modifying mdatp.service, save the file and restart the service so the changes can be applied, using the following commands:
sudo systemctl daemon-reload; sudo systemctl restart mdatp
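A quick check for the service-file method above, as an added example that is not from Microsoft's documentation: the shell function below reads a unit file (the path is supplied by the caller) and prints the HTTPS_PROXY value the service would receive, treating the still-commented #Environment= line as unset. The function names and the sample unit content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Microsoft's code): print the HTTPS_PROXY value that a
# systemd unit file would pass to the service, or return 1 if none is set.

# Last HTTPS_PROXY= assignment in an environment file, quotes stripped.
env_file_proxy() {
    sed -n 's/^[[:space:]]*HTTPS_PROXY=//p' "$1" | tail -n 1 |
        sed 's/^"\(.*\)"$/\1/'
}

unit_https_proxy() {
    from_unit="" from_file=""
    while IFS= read -r line; do
        case $line in
            \#*|\;*) ;;                      # still commented out: ignored
            Environment=*HTTPS_PROXY=*)
                v=${line#*HTTPS_PROXY=}
                v=${v%%\"*}                  # drop closing quote and the rest
                from_unit=${v%%[[:space:]]*} # unquoted form: stop at whitespace
                ;;
            EnvironmentFile=*)
                f=${line#EnvironmentFile=}
                f=${f#-}                     # leading "-" marks an optional file
                if [ -r "$f" ]; then
                    v=$(env_file_proxy "$f")
                    if [ -n "$v" ]; then from_file=$v; fi
                fi
                ;;
        esac
    done < "$1"
    # systemd lets EnvironmentFile= settings override Environment= ones.
    proxy=${from_file:-$from_unit}
    [ -n "$proxy" ] || return 1
    printf '%s\n' "$proxy"
}

# Constructed sample: a unit where the proxy line was never uncommented.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[Service]' '#Environment="HTTPS_PROXY=http://address:port"' > "$d/sample.service"
    unit_https_proxy "$d/sample.service" || echo "no static proxy configured"
    rm -rf "$d"
}
demo
```

A non-zero return after editing the unit means the service would start without a static proxy, which per the note above shows up as timeouts and missing telemetry rather than as a hard failure.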
To remove any additions you might have made before uninstalling mdatp, delete the custom file from
Red Hat Enterprise Linux 6.X and CentOS 6.X don't support systemctl and /etc/environment methods. To configure static proxy for MDE on these distributions, use the recommended mdatp config proxy set method.