diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 5652662325..71c901e041 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -87,9 +87,7 @@ The installation will proceed. The client machine is not associated with orgId. Note that the orgid is blank. ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : + mavel-mojave:wdavconfig testuser$ mdatp --health orgId ``` 2. Install the configuration file on a client machine: @@ -102,9 +100,8 @@ The installation will proceed. 3. Verify that the machine is now associated with orgId: ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + mavel-mojave:wdavconfig testuser$ mdatp --health orgId + E6875323-A6C0-4C60-87AD-114BBE7439B8 ``` After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index d0ad4df2aa..4770ec60ec 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md 
@@ -175,26 +175,29 @@ You can monitor policy installation on a machine by following the JAMF's log fil You can also check the onboarding status: ```bash - mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 - orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 - orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +mavel-mojave:~ testuser$ mdatp --health +... +licensed : true +orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" +... ``` -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. +- **licensed**: This confirms that the machine has an ATP license. -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. +- **orgid**: Your ATP org id, it will be the same for your organization. ## Check onboarding status You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: ```bash - sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +mdatp --health healthy ``` -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. +This script returns: +- 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service +- 1 if the machine is not onboarded +- 3 if the connection to the daemon cannot be established (daemon is not running) ## Logging installation issues 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md new file mode 100644 index 0000000000..49020bb614 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md 
@@ -0,0 +1,82 @@ +--- +title: Installing Microsoft Defender ATP for Mac with different MDM product +description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution. +keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: mavel +author: maximvelichko +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Deployment with a different MDM system + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + +## Approach + +Your organization may use a Mobile Device Management (MDM) solution we do not officially support. +This does not mean you will be unable to deploy or run Microsoft Defender ATP for Mac. +However, we will not be able to provide support for deploying or managing Defender via these solutions. + +Microsoft Defender ATP for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features: + +- Deploying a macOS .pkg to managed machines. 
+- Deploying macOS system configuration profiles to managed machines. +- Running an arbitrary admin-configured tool/script on managed machines. + +The majority of modern MDM solutions include these features, however, they may call them differently. + +You can deploy Defender without the last requirement from the list above, however: + +- You won't be able to collect status in a centralized way +- If you decide to uninstall Defender, you'll need to logon to the client machine locally as an administrator + +## Deployment + +Most MDM solution use the same model for managing macOS machines, with similar terminology. +Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template. + +### Package + +Configure deployment of a [required application package](microsoft-defender-atp-mac-install-with-jamf.md#package), +with the installation package (wdav.pkg) downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages). + +Your MDM solution can allow you uploading of an arbitrary application package, or require you to wrap it into a custom package first. + +### License settings + +Setup [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile). +Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS. + +Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can extracted from an onboarding package downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages). +Your system may support an arbitrary property list in XML format. You can just upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case. +Alternatively, it may require you to convert the property list to a different format first. + +Note that your custom profile would have an id, name or domain attribute. 
You must use exactly "com.microsoft.wdav.atp". +MDM will use it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender will use this file for loading onboarding info. + +### KEXT + +Setup a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to whitelist kernel extensions provided by Microsoft. + +## Was it successful? + +Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 7f138a6ca7..bbd9394358 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -41,10 +41,10 @@ If you can reproduce a problem, please increase the logging level, run the syste 2. Reproduce the problem -3. Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. +3. Run `mdatp --diagnostic --create` to backup Defender ATP's logs. The command will print out location with generated zip file. ```bash - mavel-mojave:~ testuser$ mdatp --diagnostic + mavel-mojave:~ testuser$ mdatp --diagnostic --create Creating connection to daemon Connection established "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" 
@@ -120,7 +120,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | |Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| |Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic --create` | |Health |Check the product's health |`mdatp --health` | |Protection |Scan a path |`mdatp scan --path [path]` | |Protection |Do a quick scan |`mdatp scan --quick` | diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index d1d0dbd9cd..264d420897 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -45,6 +45,7 @@ In general you'll need to take the following steps: - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md) - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) + - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md) - [Manual deployment](microsoft-defender-atp-mac-install-manually.md) ### Prerequisites 
@@ -69,13 +70,14 @@ The following table lists the services and their associated URLs that your netwo | Service | Description | URL | | -------------- |:------------------------------------:| --------------------------------------------------------------------:| -| ATP | Advanced threat protection service | `https://x.cp.wd.microsoft.com/`, `https://*.x.cp.wd.microsoft.com/` | +| ATP | Advanced threat protection service | `https://x.cp.wd.microsoft.com`, `https://cdn.x.cp.wd.microsoft.com` | -To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://wu-cdn.x.cp.wd.microsoft.com/` in a browser, or run the following command in Terminal: +To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://cdn.x.cp.wd.microsoft.com/ping` in a browser, or run the following command in Terminal: ```bash - mavel-mojave:~ testuser$ curl 'https://x.cp.wd.microsoft.com/api/report' - OK + mavel-mojave:~ testuser$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' + OK https://x.cp.wd.microsoft.com/api/report + OK https://cdn.x.cp.wd.microsoft.com/ping ``` We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
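Review bot: In microsoft-defender-atp-mac-install-manually.md, hunk @@ -87,9 +87,7, the "before" example now ends at `mdatp --health orgId` with no output line, while the sentence above it still says "Note that the orgid is blank." The removed `orgid :` line was what showed the blank value. Without it, a reader cannot tell whether the command prints an empty line, nothing at all, or an error when the machine is not onboarded. Please add the real output under the command, and align the prose spelling with the `orgId` key used in the command. The prompt also still shows the `wdavconfig` working directory from the removed tool.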
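Review bot: In microsoft-defender-atp-mac-install-manually.md, hunk @@ -102,9 +100,8, the expected output is shown as a bare GUID (`E6875323-A6C0-4C60-87AD-114BBE7439B8`), but the JAMF page in this same patch shows the value quoted (`orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"`). Please confirm which form `mdatp --health orgId` prints and make the two examples agree, since admins will copy this into scripts that compare the value against their tenant's org ID.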
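Review bot: In microsoft-defender-atp-mac-install-with-jamf.md, hunk @@ -175,26 +175,29, the exit-code list under "This script returns:" documents 0, 1 and 3 but skips 2, and it describes 0 and 1 in terms of being registered or onboarded even though the command queries `healthy`. Please state whether `healthy` is equivalent to onboarded, or use an onboarding-specific check, and either document exit code 2 or say it is not used, because MDM compliance scripts will branch on these values. Two smaller points in the same hunk: the bullet is labelled `**orgid**` while the output key is `orgId`, and the removed bullets told the reader what a blank or mismatched value means (profile not set, configuration not refreshed), while the new ones give no troubleshooting hint for `licensed : false` or an empty `orgId`. The list also needs a blank line after "This script returns:" to render as a list in Markdown.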
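Review bot: In the new file microsoft-defender-atp-mac-install-with-other-mdm.md, the prerequisites link is written with doubled parentheses, `[the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md))`, which will not render as a link, and its target does not match the main page this patch edits (microsoft-defender-atp-mac.md). The "Applies to" link still carries the placeholder `linkid=???To-Add???`. In the front matter, `search.appverid: #met150`, `ms.localizationpriority: #medium` and `ms.topic: #conceptual` put the value after a `#`, which YAML treats as a comment, so all three keys end up empty. Wording to fix before merge: "Most MDM solution use", "which can extracted", "can allow you uploading of", and "Setup" used as a verb (should be "Set up"). The KEXT section would also benefit from saying where the team identifier `UBF8T346G9` can be verified, since it is the value admins will allow-list for kernel code.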
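Review bot: In microsoft-defender-atp-mac.md, hunk @@ -69,13 +70,14, the URL table replaces the wildcard `https://*.x.cp.wd.microsoft.com/` with the single host `https://cdn.x.cp.wd.microsoft.com`, yet the removed test URL used `wu-cdn.x.cp.wd.microsoft.com`, a host the new table no longer covers. Please confirm that no regional or other subdomains are still contacted, because firewall and proxy allow-lists are built directly from this table and a missing host will silently break connectivity. In the curl example, the command prints whatever body comes back, so a proxy block page would also produce output. Consider adding `-f`, or including `%{http_code}` in the `-w` format, so that a blocked connection is distinguishable from the expected `OK`.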