JAMF

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md

@@ -90,6 +90,20 @@ To approve the kernel extension:
 
 ![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
 
+### Privacy Preferenes Policy Control
+
+By default, starting with Catalina, Microsoft Defender cannot access files in a user's home directory. To resolve it, add a JAMF policy to allow Defender Full Disk Access.
+
+1. Select **Options > Privacy Preferences Policy Control**.
+2. Use any identifier and identifier type = Bundle.
+3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`.
+4. Set app or service to SystemPolicyAllFiles and access to Allow.
+
+![Privacy Preferences Policy Control](images/MDATP_35_JAMF_PrivacyPreferences.png)
+
+> [!CAUTION]
+> This is a new configuration we add for Catalina. If you set your configuration profile for Defender without it, please modify it and add this option.
+
 #### Configuration Profile's Scope
 
 Configure the appropriate scope to specify the devices that will receive the configuration profile.