Merge pull request #4640 from MicrosoftDocs/user/tudobril/mac-syntax-fixes

Update MDE for Mac docs to use new command-line tool syntax
Gary Moore 2021-01-29 16:19:24 -08:00 committed by GitHub
commit 31131a3b9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 24 additions and 23 deletions

@ -116,7 +116,7 @@ To complete this process, you must have admin privileges on the device.
The client device is not associated with orgId. Note that the *orgId* attribute is blank.
```bash
mdatp --health orgId
mdatp health --field org_id
```
2. Run the Python script to install the configuration file:
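Review bot: The context line above the changed command still says "Note that the *orgId* attribute is blank", while the added command now queries the field as `--field org_id`. Suggest updating the surrounding prose to name `org_id` so the text and the command agree; the same wording appears in step 3 ("reports a valid *orgId*").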
@ -128,7 +128,7 @@ To complete this process, you must have admin privileges on the device.
3. Verify that the device is now associated with your organization and reports a valid *orgId*:
```bash
mdatp --health orgId
mdatp health --field org_id
```
After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.

@ -59,7 +59,7 @@ You can configure how PUA files are handled from the command line or from the ma
In Terminal, execute the following command to configure PUA protection:
```bash
mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
```
### Use the management console to configure PUA protection:

@ -149,7 +149,7 @@ To enable autocompletion in zsh:
## Client Microsoft Defender for Endpoint quarantine directory
`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp --threat --list --pretty`.
`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp threat list`.
## Microsoft Defender for Endpoint portal information
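Review bot: The added line keeps the agreement error "The current trackingIds is shown"; since the sentence is being rewritten anyway, change it to "are shown". The removed command passed `--pretty` and the added `mdatp threat list` passes nothing in its place, so it is worth stating in the PR that the default output still prints the trackingId that the quarantine file names are based on.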

@ -47,7 +47,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
<array>
<string>sh</string>
<string>-c</string>
<string>/usr/local/bin/mdatp --scan --quick</string>
<string>/usr/local/bin/mdatp scan quick</string>
</array>
<key>RunAtLoad</key>
<true/>
@ -73,7 +73,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
2. Save the file as *com.microsoft.wdav.schedquickscan.plist*.
> [!TIP]
> To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp --scan --quick</string>`, to use the `--full` option instead of `--quick` (i.e. `<string>/usr/local/bin/mdatp --scan --full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
> To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp scan quick</string>`, to use the `full` option instead of `quick` (i.e. `<string>/usr/local/bin/mdatp scan full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
3. Open **Terminal**.
4. Enter the following commands to load your file:
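Review bot: In the added TIP line, "use the `full` option instead of `quick`" carries over the word "option" from the flag-based syntax, but in `mdatp scan quick` and `mdatp scan full` these are now plain arguments to `scan`. Suggest "use `full` instead of `quick`", and check that the "line 12" reference still points at the `<string>` line in the plist shown above.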

@ -37,15 +37,15 @@ If you did not approve the kernel extension during the deployment/installation o
![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png)
You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
You can also run ```mdatp health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
```bash
mdatp --health
mdatp health
```
```Output
...
realTimeProtectionAvailable : false
realTimeProtectionEnabled : true
real_time_protection_enabled : false
real_time_protection_available : true
...
```
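Review bot: The added sample output has the two values swapped relative to what the paragraph describes. The text says the command "reports if real-time protection is enabled but not available", and the removed lines showed `realTimeProtectionAvailable : false` with `realTimeProtectionEnabled : true`, but the added lines read `real_time_protection_enabled : false` and `real_time_protection_available : true`. Suggest `real_time_protection_enabled : true` and `real_time_protection_available : false` so the example still illustrates the unapproved kernel extension case.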
@ -90,15 +90,15 @@ In this case, you need to perform the following steps to trigger the approval fl
sudo kextutil /Library/Extensions/wdavkext.kext
```
The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
The banner should disappear from the Defender application, and ```mdatp health``` should now report that real-time protection is both enabled and available:
```bash
mdatp --health
mdatp health
```
```Output
...
realTimeProtectionAvailable : true
realTimeProtectionEnabled : true
real_time_protection_enabled : true
real_time_protection_available : true
...
```

@ -43,13 +43,13 @@ The following steps can be used to troubleshoot and mitigate these issues:
- From the user interface. Open Microsoft Defender for Endpoint for Mac and navigate to **Manage settings**.
![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
- From the Terminal. For security purposes, this operation requires elevation.
```bash
mdatp --config realTimeProtectionEnabled false
```
```bash
mdatp config real-time-protection --value disabled
```
If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).

@ -45,7 +45,7 @@ These steps assume you already have Defender for Endpoint running on your device
- Your device must be in the **Insider Fast update channel**. You can check the update channel by using the following command:
```bash
mdatp --health releaseRing
mdatp health --field release_ring
```
If your device isn't already in the Insider Fast update channel, execute the following command from the Terminal. The channel update takes effect the next time the product starts (when the next product update is installed, or when the device is rebooted).
@ -66,8 +66,9 @@ Follow the deployment steps that correspond to your environment and your preferr
1. After all deployment prerequisites are met, restart your device to launch the system extension approval and activation process.
You'll see a series of system prompts to approve the Defender for Endpoint system extensions. You must approve **all** prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device.
For each approval, select **Open Security Preferences** and then select **Allow** to allow the system extension to run.
You'll see a series of system prompts to approve the Defender for Endpoint system extensions. You must approve **all** prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device.
For each approval, select **Open Security Preferences** and then select **Allow** to allow the system extension to run.
> [!IMPORTANT]
> You must close and reopen the **System Preferences** > **Security & Privacy** window between subsequent approvals. Otherwise, macOS will not display the next approval.

@ -173,7 +173,7 @@ ms.technology: mde
- Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
- Added a new switch to the command-line utility for testing the connectivity with the backend service
```bash
mdatp --connectivity-test
mdatp connectivity test
```
- Added ability to view the full threat history in the user interface (can be accessed from the **Protection history** view)
- Performance improvements & bug fixes
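Review bot: The bullet above the changed command still reads "Added a new switch to the command-line utility", but the added `mdatp connectivity test` is a subcommand form rather than a switch like the removed `mdatp --connectivity-test`. Because this is a release-notes entry, either keep the original syntax as a record of what that release shipped, or reword the bullet, for example "Added a new command to the command-line utility".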

@ -132,7 +132,7 @@ The output from this command should be similar to the following:
Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
```bash
mdatp --connectivity-test
mdatp connectivity test
```
## How to update Microsoft Defender for Endpoint for Mac