Deploy updates for Microsoft Defender for Endpoint on Linux

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.


Each version of Defender for Endpoint on Linux is set to expire automatically after 9 months. While expired versions continue to receive security intelligence updates, install the latest version to get all available fixes and enhancements.
To check the expiration date, run the following command:

mdatp health --field product_expiration

Generally available Microsoft Defender for Endpoint capabilities are equivalent regardless update channel used for a deployment (Beta (Insider), Preview (External), Current (Production)).

To update Defender for Endpoint on Linux manually, execute one of the following commands:

RHEL and variants (CentOS and Oracle Linux)

sudo yum update mdatp

SLES and variants

sudo zypper update mdatp

Ubuntu and Debian systems

sudo apt-get install --only-upgrade mdatp


When Defender for Cloud is provisioning the Microsoft Defender for Endpoint agent to Linux servers, it will keep the client updated automatically.

To schedule an update of Microsoft Defender for Endpoint on Linux, see Schedule an update of the Microsoft Defender for Endpoint (Linux)


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.