
How to onboard Windows Subsystem for Linux (WSL) into Microsoft Defender for Endpoint (MDE)?


02:08 How to configure WSL?
05:46 How to install MDE plugin?
What is Windows Subsystem for Linux?
Windows Subsystem for Linux (WSL) is a feature of Windows that allows you to run a Linux environment on your Windows machine, without the need for a separate virtual machine or dual booting. WSL is designed to provide a seamless and productive experience for developers who want to use both Windows and Linux at the same time.
Supported Distributions
Debian
Kali Linux Rolling
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Ubuntu 22.04 LTS
Oracle Linux 7.9
Oracle Linux 8.7
Oracle Linux 9.1
openSUSE Leap 15.5
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise 15 SP5
openSUSE Tumbleweed
Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL)
Prerequisites
1) WSL version 2.0.7 or later
2) Defender for Endpoint must be onboarded and running on the Windows host OS.
3) Windows 10, version 2004 and higher (build 19041 and higher) or Windows 11
-- Install the MSI file downloaded from the onboarding section in the Microsoft Defender portal
-- Run healthcheck.exe from C:\Program Files\Microsoft Defender for Endpoint plug-in for WSL\tools\ to validate the plug-in health status
-- Create a registry key on the Windows host device
Name: ConnectivityTest
Type: REG_DWORD
Value: Number of seconds the plug-in must wait before running the test (recommended: 60 seconds)
Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss\Plugins\DefenderPlug-in
-- Restart WSL, wait 5 minutes, and run the validation command above (healthcheck.exe) to check the MDE connectivity status
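The steps above as a single elevated PowerShell script. This is an added example, not taken from the video or from Microsoft's documentation; the version parsing of `wsl --version` and the `sleep` session used to keep a distribution running during the wait are assumptions of this example, while the paths, value name and timings come from the steps above.

```powershell
#Requires -RunAsAdministrator
# Added example: checks the prerequisites, sets ConnectivityTest, restarts WSL
# and re-runs healthcheck.exe. Run on the Windows host after installing the MSI.

$minWsl      = [version]'2.0.7'   # minimum WSL version (prerequisite 1)
$minBuild    = 19041              # Windows 10 version 2004 (prerequisite 3)
$testDelay   = 60                 # recommended ConnectivityTest value, in seconds
$waitSeconds = 300                # "wait 5 minutes" before validating
$keyPath     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss\Plugins\DefenderPlug-in'
$healthCheck = 'C:\Program Files\Microsoft Defender for Endpoint plug-in for WSL\tools\healthcheck.exe'

# Prerequisite: Windows build number.
$build = [Environment]::OSVersion.Version.Build
if ($build -lt $minBuild) { throw "Windows build $build is below $minBuild." }

# Prerequisite: WSL version. wsl.exe emits UTF-16, so strip NUL characters
# before matching the first x.y.z version string (parsing is an assumption).
$wslOut = (wsl.exe --version | Out-String).Replace("`0", '')
if ($wslOut -notmatch '(\d+\.\d+\.\d+)') { throw 'Could not read a version from "wsl --version".' }
$wslVersion = [version]$Matches[1]
if ($wslVersion -lt $minWsl) { throw "WSL $wslVersion is older than $minWsl." }

# Prerequisite: the plug-in MSI has been installed.
if (-not (Test-Path $healthCheck)) { throw 'healthcheck.exe not found; install the plug-in MSI first.' }

# Create the key only if it is missing, then set the REG_DWORD value.
if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
New-ItemProperty -Path $keyPath -Name 'ConnectivityTest' -PropertyType DWord `
    -Value $testDelay -Force | Out-Null

# Restart WSL. The background "sleep" keeps the default distribution running
# for the whole wait so the plug-in stays loaded (assumption of this example).
wsl.exe --shutdown
Start-Process -FilePath 'wsl.exe' -WindowStyle Hidden `
    -ArgumentList '--exec', 'sleep', ($waitSeconds + 60)

Write-Host "Waiting $waitSeconds seconds before validating..."
Start-Sleep -Seconds $waitSeconds

# Validate plug-in health and MDE connectivity.
& $healthCheck
```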
-- Query to get the host and instance details
DeviceInfo
| where OSPlatform == "Linux" and isnotempty(HostDeviceId)
| distinct WSLDeviceId = DeviceId, HostDeviceId, DeviceName;

Reference link:
learn.microsoft.com/en-us/microsoft-365/security/d…
learn.microsoft.com/en-us/windows/wsl/about

#mde #defenderforendpoint #dfe #microsoftsecurity #wsl #linux #windows11 #m365defender #microsoftdefender #linuxonwindows #microsoftloveslinux
