Merge branch 'master' into intune-config-manager-docs-update

Gary Moore 2020-11-16 13:16:13 -08:00 committed by GitHub
commit 6a153ef71c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 166 deletions

@ -15654,6 +15654,11 @@
"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md", "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
"redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md", "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",

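Review bot: The new entry for `endpoint-detection-response-mac-preview.md` sets `"redirect_document_id": true`, and the entry directly above it already redirects to the same `redirect_url` with `redirect_document_id` set to true. Please confirm that both sources are meant to carry their document ID over to `microsoft-defender-atp-mac`; if only one should, set the new entry to `false`.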

@ -1,165 +0,0 @@
---
title: Enable Microsoft Defender for Endpoint Insider Device
description: Install and use Microsoft Defender for Endpoint (Mac).
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection:
- m365-security-compliance
- m365initiative-defender-endpoint
ms.topic: conceptual
---
# Enable Microsoft Defender for Endpoint Insider Device
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
> [!IMPORTANT]
> Make sure you have enabled [Microsoft Defender for Endpoint (Mac)](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-for-endpoint-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
## Enable the Insider program with Jamf
1. Create configuration profile `com.microsoft.wdav.plist` with the following content:
```XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>edr</key>
<dict>
<key>earlyPreview</key>
<true/>
</dict>
</dict>
</plist>
```
1. From the JAMF console, navigate to **Computers>Configuration Profiles**, navigate to the configuration profile you'd like to use, then select **Custom Settings**.
1. Create an entry with`com.microsoft.wdav`as the preference domain and upload the `.plist` created earlier.
> [!WARNING]
> You must enter the correct preference domain (com.microsoft.wdav), otherwise the preferences will not be recognized by the product
## Enable the Insider program with Intune
1. Create configuration profile `com.microsoft.wdav.plist` with the following content:
```XML
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender ATP settings</string>
<key>PayloadDescription</key>
<string>Microsoft Defender ATP configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav</string>
<key>PayloadDisplayName</key>
<string>Microsoft Defender ATP configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>edr</key>
<dict>
<key>earlyPreview</key>
<true/>
</dict>
</dict>
</array>
</dict>
</plist>
```
1. Open **Manage > Device configuration**. Select **Manage > Profiles > Create Profile**.
1. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
1. Save the `.plist` created earlier as com.microsoft.wdav.xml.
1. Enter `com.microsoft.wdav` as the custom configuration profile name.
1. Open the configuration profile and upload `com.microsoft.wdav.xml`. This file was created in step 1.
1. Select **OK**.
1. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
> [!WARNING]
> You must enter the correct custom configuration profile name, otherwise these preferences will not be recognized by the product.
## Enable the Insider program manually on a single device
In terminal, run:
```bash
mdatp --edr --early-preview true
```
For versions earlier than 100.78.0, run:
```bash
mdatp --edr --earlyPreview true
```
## Troubleshooting
### Verify you are running the correct version
To get the latest version of the Microsoft Defender for Endpoint (Mac), set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
To verify you are running the correct version, run `mdatp --health` on the device.
* The required version is 100.72.15 or later.
* If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running `defaults read com.microsoft.autoupdate2` from the terminal.
* To change update settings, see [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1).
* If you are not using Office for Mac, download and run the AutoUpdate tool.
### A device still does not appear on Microsoft Defender Security Center
After a successful deployment and onboarding of the correct version, check that the device has connectivity to the cloud service by running `mdatp --connectivity-test`.
* Check that you enabled the early preview flag. In the terminal, run `mdatp health` and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”.
If you followed the manual deployment instructions, you were prompted to enable Kernel Extensions. Pay attention to the “System Extension note” in the [manual deployment documentation](mac-install-manually.md#application-installation-macos-1015-and-older-versions) and use the “Manual Deployment” section in the [troubleshoot kernel extension documentation](mac-support-kext.md#manual-deployment).
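
Review bot: Deleting this whole article removes the only instructions visible in this commit for the `earlyPreview` setting: the Jamf and Intune `com.microsoft.wdav` profiles, the `mdatp --edr --early-preview true` command with its variant for versions earlier than 100.78.0, and the `edrEarlyPreviewEnabled` check under Troubleshooting. None of the other visible hunks picks this content up, so either move it to the page the redirect points at or say in the commit message why it is no longer needed. The in-page anchors `#enable-the-insider-program-with-jamf` and `#enable-the-insider-program-with-intune` also stop resolving once the file is gone, and with only 4 changed files listed it is worth checking for a remaining TOC entry or inbound link to `endpoint-detection-response-mac-preview.md`.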

@ -92,6 +92,10 @@ If you experience any installation failures, refer to [Troubleshooting installat
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
- Audit framework (`auditd`) must be enabled.
>[!NOTE]
> System events captured by rules added to `audit.logs` will add to audit logs and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endopoint for Linux will be tagged with `mdatp` key.
### Network connections ### Network connections
The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them. The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs. If there are, you may need to create an *allow* rule specifically for them.
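
Review bot: In the added NOTE, "Microsoft Defender for Endopoint for Linux" is misspelled (it should read "Endpoint"), and "rules added to `audit.logs` will add to audit logs" reads as if rules were written to a log file; name the audit rules location that is actually meant. The alert is also written `>[!NOTE]` without the space used by the other alerts in this commit (`> [!TIP]`, `> [!WARNING]`), and the `auditd` bullet sits directly under the sentence about outbound connections, where it reads like a network requirement, so separate it from that paragraph.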

@ -39,7 +39,7 @@ This topic describes how to install, configure, update, and use Defender for End
> [!TIP] > [!TIP]
> If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**. > If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**.
To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device. See [Enable Microsoft Defender for Endpoint Insider Device](endpoint-detection-response-mac-preview.md). To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device.
## How to install Microsoft Defender for Endpoint for Mac ## How to install Microsoft Defender for Endpoint for Mac
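
Review bot: The shortened sentence still tells readers to configure the device to be an "Insider" device, but with the link to `endpoint-detection-response-mac-preview.md` removed and that article deleted in this same commit, it no longer says how. Either link to wherever the Insider steps now live or drop the sentence, and reword "preview capabilities (such as endpoint detection and response for your Mac devices)" if that capability is no longer in preview.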