Deploy Microsoft Defender for Endpoint on Amazon Linux 2

1

Hey Team,

I am unable to deploy Microsoft Defender for Endpoint on an Amazon Linux 2 EC2 instance. I followed the steps mentioned in the document https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-worldwide.

Can someone please help me on this?

OS Release version:

    NAME="Amazon Linux"
    VERSION="2"
    ID="amzn"
    ID_LIKE="centos rhel fedora"
    VERSION_ID="2"
    PRETTY_NAME="Amazon Linux 2"
    ANSI_COLOR="0;33"
    CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"

Shell Installation output:

    [root@ip-172-31-76-111 ec2-user]# sudo yum install yum-utils -y
    Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
    amzn2-core | 3.7 kB 00:00:00
    Package yum-utils-1.1.31-46.amzn2.0.1.noarch already installed and latest version
    Nothing to do
    [root@ip-172-31-76-111 ec2-user]# sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7.2/prod.repo
    Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
    adding repo from: https://packages.microsoft.com/config/rhel/7.2/prod.repo
    grabbing file https://packages.microsoft.com/config/rhel/7.2/prod.repo to /etc/yum.repos.d/prod.repo
    repo saved to /etc/yum.repos.d/prod.repo

    [root@ip-172-31-76-111 ec2-user]# sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc

    [root@ip-172-31-76-111 ec2-user]# sudo yum install mdatp -y
    Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
    No package mdatp available.
    Error: Nothing to do
    [root@ip-172-31-76-111 ec2-user]# sudo yum --enablerepo=packages-microsoft-com-prod install mdatp
    Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
    No package mdatp available.
    Error: Nothing to do

asked a year ago, 1840 views
4 Answers
2

Hello,

Thank you for reaching out to us.

I understand that you are trying to deploy ‘Microsoft Defender for Endpoint’ on Amazon Linux 2 and in the process you are seeing the message “No package mdatp available”. You are looking for assistance on the same.

I simulated your case in our lab environment by launching EC2 Instances on both 64-bit(x86) and 64-bit(Arm) architectures. In my test results, I found that the instance on 64-bit(Arm) arch had the issue “No package mdatp available” although the repository “packages-microsoft-com-prod” was present in the output of the command “yum repolist”, while the issue was not seen on the instance launched on 64-bit(x86) arch. This suggests that the repository does not have the ‘mdatp’ package for 64-bit(Arm) architecture.

Further, I tried to find a repository suitable for 64-bit(Arm) arch but I could not find any. In the Microsoft documentation[*], I am able to see the Supported Linux server distributions and x64 (AMD64/EM64T) and x86_64 versions to deploy 'Microsoft Defender for Endpoint', and the 64-bit(Arm) versions are not explicitly listed. You may refer further details here:

[*] System requirements: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide

Therefore, I recommend AWS alternatives to 'Microsoft Defender for Endpoint' such as Amazon GuardDuty[1] or Amazon Inspector[2] for instances on 64-bit(Arm) arch. However, if there is a need for you to use 'Microsoft Defender for Endpoint', then you need to install it on the instances with supported architecture[*].

To check the architecture, run the command below on your EC2 Instance:

    # uname -m

I hope this helps.

Have a good day ahead!

References:

[1] Amazon GuardDuty: https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html

[2] Amazon Inspector: https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html

AWS
answered a year ago
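
A triage script for the error discussed in this thread, added here as an example (it is not code from the thread, Microsoft or AWS): it checks the architecture, then the repo stanza, then the `yum search` output, in that order. The supported-architecture list, the verdict names and the sample inputs are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: triage "No package mdatp available" from captured text.
# Live use:
#   diagnose "$(uname -m)" "$(cat /etc/yum.repos.d/prod.repo)" "$(yum search mdatp 2>&1)"

REPO_ID="packages-microsoft-com-prod"   # repo id shown in the thread
SUPPORTED_ARCHES="x86_64"               # assumption: the only arch the answer found working

# repo_value KEY (repo file on stdin): value of KEY inside the [REPO_ID] stanza
repo_value() {
  awk -F= -v sec="[$REPO_ID]" -v key="$1" '
    /^\[/ { in_sec = ($0 == sec) }
    in_sec && $1 == key { print $2; exit }'
}

# diagnose ARCH REPO_FILE_TEXT YUM_SEARCH_TEXT: prints exactly one verdict word
diagnose() {
  case " $SUPPORTED_ARCHES " in
    *" $1 "*) ;;
    *) echo "unsupported-arch"; return 0 ;;
  esac
  [ "$(printf '%s\n' "$2" | repo_value enabled)" = "1" ] ||
    { echo "repo-disabled-or-missing"; return 0; }
  # gpgcheck=1 makes yum verify package signatures against the imported key
  [ "$(printf '%s\n' "$2" | repo_value gpgcheck)" = "1" ] ||
    { echo "gpgcheck-off"; return 0; }
  # yum search lists hits as "<name>.<arch> : <summary>"
  printf '%s\n' "$3" | grep -q "^mdatp\.$1 " ||
    { echo "package-not-visible"; return 0; }
  echo "ok"
}

# Constructed samples (not captured from a real host); baseurl is illustrative.
SAMPLE_REPO="[$REPO_ID]
name=$REPO_ID
baseurl=https://packages.microsoft.com/rhel/7.2/prod/
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc"
SAMPLE_HIT="Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
mdatp.x86_64 : Microsoft Defender (Production)"
SAMPLE_MISS="Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Warning: No matches found for: mdatp"

diagnose aarch64 "$SAMPLE_REPO" "$SAMPLE_MISS"   # Arm instance, as in the answer's test
diagnose x86_64  "$SAMPLE_REPO" "$SAMPLE_HIT"    # healthy x86_64 host
diagnose x86_64  "$SAMPLE_REPO" "$SAMPLE_MISS"   # repo configured, package not listed
```
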
0

After running "yum repolist", I am seeing similar output.

But when I run the command "yum install mdatp -y", I am seeing "No package mdatp available".

answered a year ago
  • You can do a yum find using the command: sudo yum search "mdatp" if all the repos are configured and accessible. It should return results similar to below:

        Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
        ===================================================== N/S matched: mdatp ======================================================
        mdatp.x86_64 : Microsoft Defender (Production)

        Name and summary matches only, use "search all" for everything.

    Another option is to disable the repo using the command: yum-config-manager --disable packages-microsoft-com-prod and re-run the steps as per the installation guide.

0

Hi

Please validate if the repos have been configured properly. The link has more info on managing packages on Linux 2. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-software.html

If you run "yum repolist", it should show output similar to the following: [image: yum repolist]

Thanks

AWS
answered a year ago
0

I have a follow-up to this. I have installed MDE on my AWS Linux2 EC2 instances that we provision using Terraform. I'm trying to resolve the DNS that MDE sees in the console. The MDE endpoint is healthy and active and the MDE console pulls the PrivateIP DNS as the server name. This is okay until the dynamic IP changes.

I'm trying to figure out the best method to resolve this. We have Route53, which will point to an Instance, ALB, or Elastic IP, but MDE doesn't check it because it pulls the info from the endpoint client. I haven't found any documentation on MDE to see if it can reference the Route53 record name. I know we can tag the instances on MDE. But is there a better way to adjust the EC2 instances so it doesn't pull the PrivateIP DNS? I know there is also the InstanceID, but that is not useful for the MDE security team since it doesn't describe the instance. Ideally, I'll need to be able to do this via Terraform because we try to avoid administration via the console.

I've looked over this:

  • Configure the servername on the instance - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html
  • Update all of our EC2 instances setting a friendly host name - https://stackoverflow.com/questions/54327541/how-to-set-hostname-with-cloud-init-and-terraform

answered 3 months ago
