Microsoft Defender Advanced Threat Protection For Mac Download

| 13-05-2021
[RAND-1-100] Comments

Back in March, Microsoft first announced that it will release Microsoft Defender ATP for Mac. Following internal testing and private preview, Microsoft yesterday announced the public preview of Microsoft Defender ATP for Mac. Based on the feedback from customers during the private preview period, Microsoft has made the following improvements to the product. Enhanced accessibility.

Back in March, Microsoft first announced that it will release Microsoft Defender ATP for Mac. Following internal testing and private preview, Microsoft yesterday announced the public preview of Microsoft Defender ATP for Mac. Based on the feedback from customers during the private preview period, Microsoft has made the following improvements to the product.

Trial
  • Enhanced accessibility
  • Improved performance
  • improved client product health monitoring
  • Localization into 37 languages
  • Improved anti-tampering protections
  • Feedback and samples can now be submitted via the interface.
  • Product health can be queried with JAMF or the command line.
  • Admins can set their cloud preference for any location, not just for those in the US.

Microsoft Defender ATP on Mac can run on devices running macOS Mojave, macOS High Sierra, or macOS Sierra. During the preview period, Microsoft Defender ATP for Mac will allow end users to review and perform configuration of their protection, including:

  • Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
  • Reviewing detected threats
  • Taking actions on threats, including quarantine, remove, or allow

You can learn more about Microsoft Defender ATP for Mac here.

Source: Microsoft

-->

Important

Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

See all results for this question

Windows Defender Advanced Threat Protection Download

This page will guide you through the steps you need to take to set up macOS policies in Jamf Pro.

You'll need to take the following steps:

Step 1: Get the Microsoft Defender ATP onboarding package

  1. In Microsoft Defender Security Center, navigate to Settings > Onboarding.

  2. Select macOS as the operating system and Mobile Device Management / Microsoft Intune as the deployment method.

  3. Select Download onboarding package (WindowsDefenderATPOnboardingPackage.zip).

  4. Extract WindowsDefenderATPOnboardingPackage.zip.

  5. Copy the file to your preferred location. For example, C:UsersJaneDoe_or_JohnDoe.contosoDownloadsWindowsDefenderATPOnboardingPackage_macOS_MDM_contosojamfWindowsDefenderATPOnboarding.plist.

Step 2: Create a configuration profile in Jamf Pro using the onboarding package

  1. Locate the file WindowsDefenderATPOnboarding.plist from the previous section.

  2. In the Jamf Pro dashboard, select New.

  3. Enter the following details:

    General

    • Name: MDATP onboarding for macOS
    • Description: MDATP EDR onboarding for macOS
    • Category: None
    • Distribution Method: Install Automatically
    • Level: Computer Level

  4. In Application & Custom Settings select Configure.

  5. Select Upload File (PLIST file) then in Preference Domain enter: com.microsoft.wdav.atp.

  6. Select Open and select the onboarding file.

  7. Select Upload.

  8. Select the Scope tab.

  9. Select the target computers.

  10. Select Save.

  11. Select Done.

Step 3: Configure Microsoft Defender ATP settings

  1. Use the following Microsoft Defender ATP configuration settings:

    • enableRealTimeProtection
    • passiveMode

    Note

    Not turned on by default, if you are planning to run a third-party AV for macOS, set it to true.

    • exclusions
    • excludedPath
    • excludedFileExtension
    • excludedFileName
    • exclusionsMergePolicy
    • allowedThreats

    Note

    EICAR is on the sample, if you are going through a proof-of-concept, remove it especially if you are testing EICAR.

    • disallowedThreatActions
    • potentially_unwanted_application
    • archive_bomb
    • cloudService
    • automaticSampleSubmission
    • tags
    • hideStatusMenuIcon

    For information, see Property list for Jamf configuration profile.

  2. Save the file as MDATP_MDAV_configuration_settings.plist.

  3. In the Jamf Pro dashboard, select General.

  4. Enter the following details:

    General

    • Name: MDATP MDAV configuration settings
    • Description:<blank>
    • Category: None (default)
    • Distribution Method: Install Automatically(default)
    • Level: Computer Level(default)

  5. In Application & Custom Settings select Configure.

  6. Select Upload File (PLIST file).

  7. In Preferences Domain, enter com.microsoft.wdav, then select Upload PLIST File.

  8. Select Choose File.

  9. Select the MDATP_MDAV_configuration_settings.plist, then select Open.

  10. Select Upload.

    Note

    If you happen to upload the Intune file, you'll get the following error:

  11. Select Save.

  12. The file is uploaded.

  13. Select the Scope tab.

  14. Select Contoso's Machine Group.

  15. Select Add, then select Save.

  16. Select Done. You'll see the new Configuration profile.

Step 4: Configure notifications settings

These steps are applicable of macOS 10.15 (Catalina) or newer.

Microsoft defender advanced threat protection for mac download torrent

  1. Download notif.mobileconfig from our GitHub repository

  2. Save it as MDATP_MDAV_notification_settings.plist.

  3. In the Jamf Pro dashboard, select General.

  4. Enter the following details:

    General

    • Name: MDATP MDAV Notification settings
    • Description: macOS 10.15 (Catalina) or newer
    • Category: None (default)
    • Distribution Method: Install Automatically(default)
    • Level: Computer Level(default)

  5. Select Upload File (PLIST file).

  6. Select Choose File > MDATP_MDAV_Notification_Settings.plist.

  7. Select Open > Upload.

  8. Select the Scope tab, then select Add.

  9. Select Contoso's Machine Group.

  10. Select Add, then select Save.

  11. Select Done. You'll see the new Configuration profile.

Step 5: Configure Microsoft AutoUpdate (MAU)

  1. Use the following Microsoft Defender ATP configuration settings:

  2. Save it as MDATP_MDAV_MAU_settings.plist.

  3. In the Jamf Pro dashboard, select General.

  4. Enter the following details:

    General

    • Name: MDATP MDAV MAU settings
    • Description: Microsoft AutoUpdate settings for MDATP for macOS
    • Category: None (default)
    • Distribution Method: Install Automatically(default)
    • Level: Computer Level(default)

  5. In Application & Custom Settings select Configure.

  6. Select Upload File (PLIST file).

  7. In Preference Domain enter: com.microsoft.autoupdate2, then select Upload PLIST File.

  8. Select Choose File.

  9. Select MDATP_MDAV_MAU_settings.plist.

  10. Select Upload.

  11. Select Save.

  12. Select the Scope tab.

  13. Select Add.

  14. Select Done.

Download Windows Defender Advanced Threat Protection ...

Step 6: Grant full disk access to Microsoft Defender ATP

  1. In the Jamf Pro dashboard, select Configuration Profiles.

  2. Select + New.

  3. Enter the following details:

    General

    • Name: MDATP MDAV - grant Full Disk Access to EDR and AV
    • Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control
    • Category: None
    • Distribution method: Install Automatically
    • Level: Computer level

  4. In Configure Privacy Preferences Policy Control select Configure.

  5. In Privacy Preferences Policy Control, enter the following details:

    • Identifier: com.microsoft.wdav
    • Identifier Type: Bundle ID
    • Code Requirement: identifier 'com.microsoft.wdav' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9

  6. Select + Add.

    • Under App or service: Set to SystemPolicyAllFiles

    • Under 'access': Set to Allow

  7. Select Save (not the one at the bottom right).

  8. Click the + sign next to App Access to add a new entry.

  9. Enter the following details:

    • Identifier: com.microsoft.wdav.epsext
    • Identifier Type: Bundle ID
    • Code Requirement: identifier 'com.microsoft.wdav.epsext' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = UBF8T346G9

  10. Select + Add.

    • Under App or service: Set to SystemPolicyAllFiles

    • Under 'access': Set to Allow

  11. Select Save (not the one at the bottom right).

  12. Select the Scope tab.

  13. Select + Add.

  14. Select Computer Groups > under Group Name > select Contoso's MachineGroup.

  15. Select Add.

  16. Select Save.

  17. Select Done.

Step 7: Approve Kernel extension for Microsoft Defender ATP

  1. In the Configuration Profiles, select + New.

  2. Enter the following details:

    General

    • Name: MDATP MDAV Kernel Extension
    • Description: MDATP kernel extension (kext)
    • Category: None
    • Distribution Method: Install Automatically
    • Level: Computer Level

  3. In Configure Approved Kernel Extensions select Configure.

  4. In Approved Kernel Extensions Enter the following details:

    • Display Name: Microsoft Corp.
    • Team ID: UBF8T346G9

  5. Select the Scope tab.

  6. Select + Add.

  7. Select Computer Groups > under Group Name > select Contoso's Machine Group.

  8. Select + Add.

  9. Select Save.

  10. Select Done.

Step 8: Approve System extensions for Microsoft Defender ATP

  1. In the Configuration Profiles, select + New.

  2. Enter the following details:

    General

    • Name: MDATP MDAV System Extensions
    • Description: MDATP system extensions
    • Category: None
    • Distribution Method: Install Automatically
    • Level: Computer Level

  3. In System Extensions select Configure.

  4. In System Extensions enter the following details:

    • Display Name: Microsoft Corp. System Extensions
    • System Extension Types: Allowed System Extensions
    • Team Identifier: UBF8T346G9
    • Allowed System Extensions:
      • com.microsoft.wdav.epsext
      • com.microsoft.wdav.netext

  5. Select the Scope tab.

  6. Select + Add.

  7. Select Computer Groups > under Group Name > select Contoso's Machine Group.

  8. Select + Add.

  9. Select Save.

  10. Select Done.

Step 9: Configure Network Extension

Windows Defender Advanced Protection

As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.

Note

Microsoft Defender ATP For Mac Now Available For Download - MSPowe…

JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.As such, the following steps provide a workaround that involve signing the configuration profile.

Microsoft Defender Advanced Threat Protection Free Trial

  1. Download netfilter.mobileconfig from our GitHub repository to your device and save it as com.microsoft.network-extension.mobileconfig

  2. Follow the instructions on this page to create a signing certificate using JAMF’s built-in certificate authority

  3. After the certificate is created and installed to your device, run the following command from the Terminal from a macOS device:

  4. From the JAMF portal, navigate to Configuration Profiles and click the Upload button.

  5. Select Choose File and select microsoft.network-extension.signed.mobileconfig.

  6. Select Upload.

  7. After uploading the file, you are redirected to a new page to finalize the creation of this profile.

  8. Select the Scope tab.

  9. Select + Add.

  10. Select Computer Groups > under Group Name > select Contoso's Machine Group.

  11. Select + Add.

  12. Select Save.

  13. Select Done.

Step 10: Schedule scans with Microsoft Defender ATP for Mac

Follow the instructions on Schedule scans with Microsoft Defender ATP for Mac.

Step 11: Deploy Microsoft Defender ATP for macOS

Microsoft Defender ATP For Mac - Windows Security ...

  1. Navigate to where you saved wdav.pkg.

  2. Rename it to wdav_MDM_Contoso_200329.pkg.

  3. Open the Jamf Pro dashboard.

  4. Navigate to Advanced Computer Searches.

  5. Select Computer Management.

  6. In Packages, select + New.

  7. In New Package Enter the following details:

    General tab

    • Display Name: Leave it blank for now. Because it will be reset when you choose your pkg.
    • Category: None (default)
    • Filename: Choose File

    Open the file and point it to wdav.pkg or wdav_MDM_Contoso_200329.pkg.

  8. Select Open. Set the Display Name to Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus.

    • Manifest File: Select Upload Manifest File.

    Options tab
    Keep default values.

    Limitations tab
    Keep default values.

  9. Select Save. The package is uploaded to Jamf Pro.

    It can take a few minutes for the package to be available for deployment.

  10. Navigate to the Policies page.

  11. Select + New to create a new policy.

  12. In General Enter the following details:

    • Display name: MDATP Onboarding Contoso 200329 v100.86.92 or later

  13. Select Recurring Check-in.

  14. Select Save.

  15. Select Packages > Configure.

  16. Select the Add button next to Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus.

  17. Select Save.

  18. Select the Scope tab.

  19. Select the target computers.

    Scope

    Select Add.

    Self-Service

  20. Select Done.