From 46aabb7f8bf2d239f0861c4ddd0381517c20d1eb Mon Sep 17 00:00:00 2001
From: maximvelichko <mavel@microsoft.com>
Date: Sat, 28 Sep 2019 13:03:49 -0700
Subject: [PATCH] JAMF

---
 ...microsoft-defender-atp-mac-install-with-jamf.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
index 621dee60a6..af7e72d984 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -90,6 +90,20 @@ To approve the kernel extension:
 
 ![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
 
+### Privacy Preferenes Policy Control
+
+By default, starting with Catalina, Microsoft Defender cannot access files in a user's home directory. To resolve it, add a JAMF policy to allow Defender Full Disk Access.
+
+1. Select **Options > Privacy Preferences Policy Control**.
+2. Use any identifier and identifier type = Bundle.
+3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`.
+4. Set app or service to SystemPolicyAllFiles and access to Allow.
+
+![Privacy Preferences Policy Control](images/MDATP_35_JAMF_PrivacyPreferences.png)
+
+> [!CAUTION]
+> This is a new configuration we add for Catalina. If you set your configuration profile for Defender without it, please modify it and add this option.
+
 #### Configuration Profile's Scope
 
 Configure the appropriate scope to specify the devices that will receive the configuration profile.