Deploy updates for Microsoft Defender for Endpoint on Linux

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.


Each version of Defender for Endpoint on Linux has an expiration date, after which it will no longer continue to protect your device. You must update the product prior to this date. To check the expiration date, run the following command:

mdatp health --field product_expiration

Generally available Microsoft Defender for Endpoint capabilities are equivalent regardless update channel used for a deployment (Beta (Insider), Preview (External), Current (Production)).

To update Defender for Endpoint on Linux manually, execute one of the following commands:

RHEL and variants (CentOS and Oracle Linux)

sudo yum update mdatp

SLES and variants

sudo zypper update mdatp

Ubuntu and Debian systems

sudo apt-get install --only-upgrade mdatp


When integrating Microsoft Defender for Endpoint and Defender for Cloud, the mdatp agent will automatically receive updates by default.

To schedule an update of Microsoft Defender for Endpoint on Linux, see Schedule an update of the Microsoft Defender for Endpoint (Linux)