Cannot select "prod" channel for MDE

[ChrisRitson]

The Microsoft repo layout means that the fixed string "prod" is not used when selecting the production channel for MDE. Instead the short codename for an Ubuntu distro is used (e.g. bionic). Here's a possible patch (which will need refining)

` diff --git a/REFERENCE.md b/REFERENCE.md index 078377b..5d977ea 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -52,11 +52,11 @@ Source (as in file resource attribute called source) of the JSON file you ex

channel

-Data type: Optional[Enum['prod','insiders-fast','insiders-slow']] +Data type: String # Use distro codename for "prod channel" or one of ['insiders-fast','insiders-slow']

The release channel you want to use.

-Default value: lookup('microsoft_defender_atp_agent::default_channel') +Default value: $::facts['os']['distro']['codename']

manage_sources

diff --git a/data/common.yaml b/data/common.yaml index b61585d..79c7e7a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,6 +1,5 @@

-microsoft_defender_atp_agent::default_channel: prod microsoft_defender_atp_agent::default_manage_sources: true

Shouldn't need to change the below unless MS change something

microsoft_defender_atp_agent::package_name: mdatp `

[ChrisRitson]

That format is terrible. Here's a patch file default_mde_channel.txt .

[ChrisRitson]

Oops - time to stop! That first attempted patch was incomplete.

default_mde_channel.txt

[threepistons]

We can use facts for the lookup of what "prod" maps to.