From 6a4d273b45d7862af8004941e599ab7ec9d8563e Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Mon, 3 Feb 2020 18:08:03 -0800 Subject: [PATCH 1/3] Ignore App Version on Intune Adding a stronger message to use Ignore App Version=Yes --- .../mac-install-with-intune.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 6a79d9fca6..c33e467197 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -294,27 +294,28 @@ Once the Intune changes are propagated to the enrolled devices, you can see them 2. Select **App type=Other/Line-of-business app**. 3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. 4. Select **Configure** and add the required information. -5. Use **macOS High Sierra 10.13** as the minimum OS and set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. +5. Use **macOS High Sierra 10.13** as the minimum OS. +6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. > [!CAUTION] - > Failure to set *Ignore app version* to **Yes** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. + > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. Intune will reinstall the uploaded version, effectively downgrading Defender to the uploaded version and potentially result in non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push policy update to the affected machine. ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-8-IntuneAppInfo.png) -6. Select **OK** and **Add**. +7. Select **OK** and **Add**. ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-9-IntunePkgInfo.png) -7. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**. +8. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**. ![Client apps screenshot](../windows-defender-antivirus/images/MDATP-10-ClientApps.png) -8. Change **Assignment type** to **Required**. -9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. +9. Change **Assignment type** to **Required**. +10. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. ![Intune assignments info screenshot](../windows-defender-antivirus/images/MDATP-11-Assignments.png) -10. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**: +11. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**: ![Intune device status screenshot](../windows-defender-antivirus/images/MDATP-12-DeviceInstall.png) From 8f557be3947c05b7edb11e8db0938c2ddd149828 Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Thu, 6 Feb 2020 11:01:12 -0800 Subject: [PATCH 2/3] Fix broken picture --- .../threat-protection/microsoft-defender-atp/mac-exclusions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 2dda7ca218..6459e6190e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -56,7 +56,7 @@ For more information on how to configure exclusions from JAMF, Intune, or anothe Open the Microsoft Defender ATP application and navigate to **Manage settings** > **Add or Remove Exclusion...**, as shown in the following screenshot: -![[Manage exclusions screenshot](../windows-defender-antivirus/images/mdatp-37-exclusions.png) +![Manage exclusions screenshot](../windows-defender-antivirus/images/mdatp-37-exclusions.png) Select the type of exclusion that you wish to add and follow the prompts. From 1b29c76992ef0cfbcfc9cf10f952d206df484ec7 Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Thu, 6 Feb 2020 19:12:58 -0800 Subject: [PATCH 3/3] Update mac-install-with-intune.md --- .../microsoft-defender-atp/mac-install-with-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index c33e467197..b9fc6be006 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -298,7 +298,7 @@ Once the Intune changes are propagated to the enrolled devices, you can see them 6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. > [!CAUTION] - > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. Intune will reinstall the uploaded version, effectively downgrading Defender to the uploaded version and potentially result in non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push policy update to the affected machine. + > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push the updated policy. ![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-8-IntuneAppInfo.png)