deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

Browse Source
This commit is contained in:
officedocspr 2019-11-01 22:57:35 +00:00
commit 165576c85a
13 changed files with 269 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
devices/hololens/TOC.md
View File

@ -23,17 +23,17 @@
## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
# User management and access management
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)
# Navigating Windows Holographic
## [Start menu and mixed reality home](holographic-home.md)
## [Use your voice with HoloLens](hololens-cortana.md)
## [Find and save files](hololens-find-and-save-files.md)
## [Create, share, and view photos and video](holographic-photos-and-video.md)
# User management and access management
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)
# Holographic Applications
## [Try 3D Viewer](holographic-3d-viewer-beta.md)
## [Find, install, and uninstall applications](holographic-store-apps.md)

12
devices/hololens/hololens2-basic-usage.md
View File

@ -28,7 +28,7 @@ This guide provides an intro to:
On HoloLens, holograms blend the digital world with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can always see your surroundings, move freely, and interact with people and objects. We call this experience "mixed reality".
The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision unobscured. With spatial sound, you can pinpoint a hologram by listening, even if its behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision clear. With spatial sound, you can pinpoint a hologram by listening, even if its behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
Getting around HoloLens is a lot like using your smart phone. You can use your hands to touch and manipulate holographic windows, menus, and buttons.
@ -54,6 +54,8 @@ To bring up a **context menu**, like the ones you'll find on an app tile in the
## Use hand ray for holograms out of reach
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZOum]
When there are no holograms near your hands, the **touch cursor** will hide automatically and **hand rays** will appear from the palm of your hands. Hand rays allow you to interact with holograms from a distance.
> [!TIP]
@ -71,6 +73,8 @@ To select something using **hand ray**, follow these steps:
### Grab using air tap and hold
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxnh]
To grab a hologram or scroll app window content using **hand ray**, start with an **air tap**, but keep your fingers together instead of releasing them.
Use **air tap and hold** to perform the following actions with hand ray:
@ -81,7 +85,9 @@ Use **air tap and hold** to perform the following actions with hand ray:
## Start gesture
The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. Youll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where youre looking**.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxng]
The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. Youll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where youre looking**.
> [!TIP]
>
@ -135,6 +141,8 @@ Move a hologram or app by following these steps:
### Resizing holograms
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZYIb]
Grab and use the **resize handles** that appear on the corners of 3D holograms and app windows to resize them.
For an app window, when resized this way the window content correspondingly increases in size and becomes easier to read.

25
devices/hololens/hololens2-setup.md
View File

@ -1,6 +1,7 @@
---
title: Prepare a new HoloLens 2
description: This guide walks through first time set up and hardware guide.
keywords: hololens, lights, fit, comfort, parts
ms.assetid: 02692dcf-aa22-4d1e-bd00-f89f51048e32
ms.date: 9/17/2019
keywords: hololens
@ -68,14 +69,14 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL
### Charging behavior
| State of the Device | Action | HoloLens 2 will do this |
| State of the Device | Action | HoloLens 2 will do this |
| - | - | - |
| OFF | Plug in USB Cable | Device transitions to ON with indicator lights showing battery level and device starts charging.
| ON | Remove USB Cable | Device stops charging
| ON | Plug in USB Cable | Device starts charging
| SLEEP | Plug in USB Cable | Device starts charging
| SLEEP | Remove USB Cable | Device stops charging
| ON with USB cable pluged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
| OFF | Plug in USB Cable | Device transitions to ON with indicator lights showing battery level and device starts charging.
| ON | Remove USB Cable | Device stops charging
| ON | Plug in USB Cable | Device starts charging
| SLEEP | Plug in USB Cable | Device starts charging
| SLEEP | Remove USB Cable | Device stops charging
| ON with USB cable plugged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
### Lights that indicate the battery level
@ -89,18 +90,18 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL
### Sleep Behavior
| State of the Device | Action | HoloLens 2 will do this |
| State of the Device | Action | HoloLens 2 will do this |
| - | - | - |
| ON | Single Power button press | Device transitions to SLEEP and turns off all indicator lights |
| ON | No movement for 3 minutes | Device transition to SLEEP and turns off all indicator lights |
| SLEEP | Single Power button Press | Device transitions to ON and turns on indicator lights |
| ON | Single Power button press | Device transitions to SLEEP and turns off all indicator lights |
| ON | No movement for 3 minutes | Device transition to SLEEP and turns off all indicator lights |
| SLEEP | Single Power button Press | Device transitions to ON and turns on indicator lights |
### Lights to indicate problems
| When you do this | The lights do this | It means this |
| - | - | - |
| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. |
| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. |
| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. |
## Safety and comfort

2
windows/deployment/update/windows-update-error-reference.md
View File

@ -137,7 +137,7 @@ The following errors map to `SOAP_ERROR_CODE`s from the `Atlsoap.h` file. These
| 0x8024401E | `WU_E_PT_HTTP_STATUS_GONE` | Same as HTTP status 410 - requested resource is no longer available at the server. |
| 0x8024401F | `WU_E_PT_HTTP_STATUS_SERVER_ERROR` | Same as HTTP status 500 - an error internal to the server prevented fulfilling the request. |
| 0x80244020 | `WU_E_PT_HTTP_STATUS_NOT_SUPPORTED` | Same as HTTP status 500 - server does not support the functionality required to fulfill the request. |
| 0x80244021 | `WU_E_PT_HTTP_STATUS_BAD_GATEWAY` | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfil the request. |
| 0x80244021 | `WU_E_PT_HTTP_STATUS_BAD_GATEWAY` | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfill the request. |
| 0x80244022 | `WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL` | Same as HTTP status 503 - the service is temporarily overloaded. |
| 0x80244023 | `WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT` | Same as HTTP status 503 - the request was timed out waiting for a gateway. |
| 0x80244024 | `WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP` | Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request. |

6
windows/deployment/upgrade/resolution-procedures.md
View File

@ -699,12 +699,12 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
| 0XC1900105 | MOSETUP_E_TEST_MODE | The installation process is being used in a test environment. |
| 0XC1900106 | MOSETUP_E_TERMINATE_PROCESS | The installation process was terminated. |
| 0XC1900107 | MOSETUP_E_CLEANUP_PENDING | A cleanup operation from a previous installation attempt is still pending. A system reboot is required. |
| 0XC1900108 | MOSETUP_E_REPORTING | An error has occured and the result value must be consolidated for telemetry purposes. |
| 0XC1900108 | MOSETUP_E_REPORTING | An error has occurred and the result value must be consolidated for telemetry purposes. |
| 0XC1900109 | MOSETUP_E_COMPAT_TERMINATE | The installation process was terminated during the actionable compatibility phase. |
| 0XC190010a | MOSETUP_E_UNKNOWN_CMD_LINE | The installation process was launched with an unknown command line argument. |
| 0XC190010a | MOSETUP_E_UNKNOWN_CMD_LINE | The installation process was launched with an unknown command-line argument. |
| 0XC190010b | MOSETUP_E_INSTALL_IMAGE_NOT_FOUND | The installation image was not found. |
| 0XC190010c | MOSETUP_E_AUTOMATION_INVALID | The provided automation information was invalid. |
| 0XC190010d | MOSETUP_E_INVALID_CMD_LINE | The installation process was launched with an invalid command line argument. |
| 0XC190010d | MOSETUP_E_INVALID_CMD_LINE | The installation process was launched with an invalid command-line argument. |
| 0XC190010e | MOSETUP_E_EULA_ACCEPT_REQUIRED | The installation process requires that the user accept the license agreement. |
| 0XC1900110 | MOSETUP_E_EULA_CANCEL | The user has chosen to cancel for license agreement. |
| 0XC1900111 | MOSETUP_E_ADVERTISE_CANCEL | The user has chosen to cancel for advertisement. |

4
windows/security/threat-protection/TOC.md
View File

@ -320,8 +320,12 @@
##### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md)
#### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md)
#### [Configure Microsoft Defender ATP for Mac]()
##### [Configure and validate exclusions](windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md)
##### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md)
##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/microsoft-defender-atp-mac-pua.md)
#### [Troubleshoot Microsoft Defender ATP for Mac]()
##### [Troubleshoot performance issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md)
##### [Troubleshoot kernel extension issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md)
#### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md)
#### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md)

BIN
windows/security/threat-protection/windows-defender-antivirus/images/mdatp-36-rtp.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
windows/security/threat-protection/windows-defender-antivirus/images/mdatp-37-exclusions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 204 KiB

82
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md Normal file
View File

@ -0,0 +1,82 @@
---
title: Configure and validate exclusions for Microsoft Defender ATP for Mac
ms.reviewer:
description: Describes how to provide and validate exclusions for Microsoft Defender ATP for Mac. Exclusions can be set for files, folders, and processes.
keywords: microsoft, defender, atp, mac, exclusions, scans, antivirus
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Configure and validate exclusions for Microsoft Defender ATP for Mac
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring.
>[!IMPORTANT]
>The exclusions described in this article don't apply to other Microsoft Defender ATP for Mac capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender ATP for Mac scans.
Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Microsoft Defender ATP for Mac.
>[!WARNING]
>Defining exclusions lowers the protection offered by Microsoft Defender ATP for Mac. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
## Supported exclusion types
The follow table shows the exclusion types supported by Microsoft Defender ATP for Mac.
Exclusion | Definition | Examples
---|---|---
File extension | All files with the extension, anywhere on the machine | .test
File | A specific file identified by the full path | /var/log/test.log
Folder | All files under the specified folder | /var/log/
Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat<br/>cat
## How to configure the list of exclusions
### From the management console
For more information on how to configure exclusions from JAMF, Intune, or another management console, see [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
### From the user interface
Open the Microsoft Defender ATP application and navigate to **Manage settings** > **Add or Remove Exclusion...**, as shown in the following screenshot:
![Manage exclusions screenshot](images/mdatp-37-Exclusions.png)
Select the type of exclusion that you wish to add and follow the prompts.
## Validate exclusions lists with the EICAR test file
You can validate that your exclusion lists are working by using `curl` to download a test file.
In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path.
```bash
$ curl -o test.txt http://www.eicar.org/download/eicar.com.txt
```
If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).
If you do not have internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command:
```bash
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt
```
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.

61
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
View File

@ -80,66 +80,11 @@ To complete this process, you must have admin privileges on the machine.
The installation proceeds.
> [!NOTE]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but real-time protection will be disabled.
> [!CAUTION]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but some features, such as real-time protection, will be disabled. See [Troubleshoot kernel extension issues](microsoft-defender-atp-mac-support-kext.md) for information on how to resolve this.
> [!NOTE]
> macOS may request to reboot the machine upon the first installation of Microsoft Defender. Real-Time Protection will not be available until the machine is rebooted.
### Fixing disabled Real-Time Protection
If you did not enable Microsoft's driver during installation, then the application displays a banner prompting you to enable it:
![RTP disabled screenshot](images/MDATP_32_Main_App_Fix.png)
You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available:
```bash
$ mdatp --health
...
realTimeProtectionAvailable : false
realTimeProtectionEnabled : true
...
```
> [!NOTE]
> You have a 30 minute window to enable Real-Time Protection from the warning banner, immediately following installation.
The warning banner contains a **Fix** button, which allows you to quickly enable Real-Time Protection, without having to open a command prompt. Select the **Fix** button. It prompts the **Security & Privacy** system window, where you have to **Allow** system software from developers "Microsoft Corporation".
If you don't see a prompt, it means that 30 or more minutes have already passed, and Real-Time Protection has still not been enabled:
![Security and privacy window after prompt expired screenshot](images/MDATP_33_SecurityPrivacySettings_NoPrompt.png)
In this case, you need to perform the following steps to enable Real-Time Protection instead.
1. In Terminal, attempt to install the driver. (The operation will fail)
```bash
$ sudo kextutil /Library/Extensions/wdavkext.kext
Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Diagnostics for /Library/Extensions/wdavkext.kext:
```
2. Open **System Preferences...** > **Security & Privacy** from the menu. (Close it first, if it's opened.)
3. **Allow** system software from developers "Microsoft Corporation"
4. In Terminal, install the driver again. This time the operation will succeed:
```bash
$ sudo kextutil /Library/Extensions/wdavkext.kext
```
The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available:
```bash
$ mdatp --health
...
realTimeProtectionAvailable : true
realTimeProtectionEnabled : true
...
```
> macOS may request to reboot the machine upon the first installation of Microsoft Defender. Real-time protection will not be available until the machine is rebooted.
## Client configuration

91
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md Normal file
View File

@ -0,0 +1,91 @@
---
title: Troubleshoot kernel extension issues in Microsoft Defender ATP for Mac
ms.reviewer:
description: Describes how to troubleshoot kernel extension-related issues in Microsoft Defender ATP for Mac.
keywords: microsoft, defender, atp, mac, kernel, extension
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Troubleshoot kernel extension issues
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
This topic provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender ATP for Mac.
Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they are allowed to run on the device.
If you did not approve the kernel extension during the deployment / installation of Microsoft Defender ATP for Mac, then the application displays a banner prompting you to enable it:
![RTP disabled screenshot](images/MDATP_32_Main_App_Fix.png)
You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This is an indication that the kernel extension is not approved to run on your device.
```bash
$ mdatp --health
...
realTimeProtectionAvailable : false
realTimeProtectionEnabled : true
...
```
The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender ATP for Mac.
## Managed deployment
See the instructions corresponding to the management tool that you used to deploy the product:
- [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile)
- [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md#create-system-configuration-profiles)
## Manual deployment
If less than 30 minutes have passed since the product was installed, navigate to **System Preferences** > **Security & Privacy**, where you have to **Allow** system software from developers "Microsoft Corporation".
If you don't see this prompt, it means that 30 or more minutes have passed, and the kernel extension still not been approved to run on your device:
![Security and privacy window after prompt expired screenshot](images/MDATP_33_SecurityPrivacySettings_NoPrompt.png)
In this case, you need to perform the following steps to trigger the approval flow again.
1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension was not approved to run on the device, however it will trigger the approval flow again.
```bash
$ sudo kextutil /Library/Extensions/wdavkext.kext
Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Diagnostics for /Library/Extensions/wdavkext.kext:
```
2. Open **System Preferences** > **Security & Privacy** from the menu. (Close it first, if it's opened.)
3. **Allow** system software from developers "Microsoft Corporation"
4. In Terminal, install the driver again. This time the operation will succeed:
```bash
$ sudo kextutil /Library/Extensions/wdavkext.kext
```
The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
```bash
$ mdatp --health
...
realTimeProtectionAvailable : true
realTimeProtectionEnabled : true
...
```

55
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md Normal file
View File

@ -0,0 +1,55 @@
---
title: Troubleshoot performance issues
ms.reviewer:
description: Describes how to troubleshoot performance issues in Microsoft Defender ATP for Mac.
keywords: microsoft, defender, atp, mac, performance
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Troubleshoot performance issues
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Mac.
Real-time protection (RTP) is a feature of Microsoft Defender ATP for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender ATP for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender ATP for Mac.
The following steps can be used to troubleshoot and mitigate these issues:
1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender ATP for Mac is contributing to the performance issues.
If your device is not managed by your organization, real-time protection can be disabled using one of the following options:
- From the user interface. Open Microsoft Defender ATP for Mac and navigate to **Manage settings**.
![Manage real-time protection screenshot](images/mdatp-36-RTP.png)
- From the Terminal. For security purposes, this operation requires elevation.
```bash
$ mdatp --config realTimeProtectionEnabled false
```
If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
2. Open Finder and navigate to **Applications** > **Utilities**. Open **Activity Monitor** and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers.
3. Configure Microsoft Defender ATP for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
See [Configure and validate exclusions for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-exclusions.md) for details.

4
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft Defender ATP for Mac
ms.reviewer:
ms.reviewer:
description: Describes how to install and use Microsoft Defender ATP for Mac.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh
@ -14,7 +14,7 @@ author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.collection: M365-security-compliance
ms.topic: conceptual
---