Skip to Content

MC1388718 Microsoft Defender for Endpoint: Update to Linux connectivity requirements with new service URLs to allowlist

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1388718 Microsoft Defender for Endpoint: Update to Linux connectivity requirements with new service URLs to allowlist

Summary

  • Microsoft Defender for Endpoint on Linux now retrieves internal configuration updates from new service URLs; these must be allowlisted per your tenant type.
  • Affected: organizations using Defender for Endpoint on Linux endpoints (agents require outbound access to the listed URLs).
  • Admin action: review firewall/proxy rules and allowlist the single URL that matches your tenant environment (Commercial, GCC Moderate, GCC High, or DoD).
  • Note: the hostnames contain legacy product names (skype, teams, office) but are shared Microsoft infrastructure endpoints; only the URL for your tenant type needs to be allowed.

Primary Service: Defender XDR
Admin Impact: High
User Impact: Low
Release Start: 01 Jun 2026
Release End: 01 Jun 2026
Services: Defender, Defender XDR, Security
Category: Plan for change
Tags: Admin Action, User Adoption

History

6/12/2026 Item Added to Message Center

Microsoft Message

What and Why

We’ve made updates to Microsoft Defender for Endpoint on Linux network connectivity requirements.

As part of this update, Defender for Endpoint on Linux now uses new service URLs to deliver internal configuration updates and new capabilities.

Rollout schedule

  • General Availability (Worldwide, GCC, GCC High, DoD): Available now

Impact on your organization

Who is affected

  • Organizations using Microsoft Defender for Endpoint on Linux devices

Platforms and services

  • Microsoft Defender for Endpoint
  • Linux endpoints

What will happen

  • Defender for Endpoint on Linux now uses the following service URLs to deliver internal configuration updates and new capabilities:
    • Commercial: https://config.edge.skype.com/config/v1
    • DoD: https://config.ecs.dod.teams.microsoft.us/config/v1
    • GCC High: https://config.ecs.gov.teams.microsoft.us/config/v1
    • GCC Moderate: https://gccmod.ecs.office.com/config/v1
  • Important:
    • You only need to allowlist the URL applicable to your tenant type.
    • URLs containing skype, teams, or office are shared Microsoft infrastructure endpoints (not tied to those products), with these terms retained as a legacy artifact for backward compatibility.
  • These URLs are used to securely deliver internal configuration updates from Microsoft to Defender for Endpoint agents running on Linux devices to support the following scenarios:
    • Mitigation of critical issues – In rare cases, configuration updates can be rapidly deployed to adjust or disable specific features to contain impact while a permanent fix is developed.
    • Runtime configurations – Microsoft continuously monitors endpoint health and performance and may push internal configuration updates to optimize resource usage and improve detection accuracy.
    • Feature rollout and innovation – These URLs are used to roll out new features and enhancements in a phased manner. While capabilities are delivered through these endpoints, enabling or disabling specific features remains under customer control. For example, a feature such as Behaviour Monitoring may be made available via these URLs, but customers can choose whether to enable it.
  • We understand the importance of transparency and control. While the contents of these configurations are internal to Microsoft and not externally exposed, they are validated and governed by strict security and compliance standards. These updates do not modify customer-defined policies or configurations.
  • If the required URL is not allowlisted, devices may:
    • Miss critical configuration updates
    • Not receive the latest product features and enhancements
  • There is no change to user experience.

Action required or recommendations

  • Review your network configuration and ensure that the appropriate URL for your tenant type is allowlisted for outbound connectivity from Linux endpoints.
  • No action is required if the appropriate URL is already allowlisted.

Learn more:

  • Microsoft Defender for Endpoint streamlined connectivity URLs – commercial | Microsoft Defender for Endpoint | Microsoft Defender | Microsoft Learn
  • Microsoft Defender for Endpoint streamlined connectivity URLs – US government environments | Microsoft Defender for Endpoint | Microsoft Learn

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.