diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-1.png b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-1.png
new file mode 100644
index 0000000000..a6ff679378
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-1.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-2.png b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-2.png
new file mode 100644
index 0000000000..d3e8d67250
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-3.png b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-3.png
new file mode 100644
index 0000000000..0d7aac7dce
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-3.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-4.png b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-4.png
new file mode 100644
index 0000000000..ad17cf144e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-4.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-5.png b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-5.png
new file mode 100644
index 0000000000..576472cd8c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-5.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index daea53aa5e..84d09873b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -48,7 +48,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi
 
 5. From a command prompt, verify that you have the two files.
     
-## Application installation
+## Application installation (macOS 10.15 and older versions)
 
 To complete this process, you must have admin privileges on the device.
 
@@ -65,7 +65,7 @@ To complete this process, you must have admin privileges on the device.
 
    ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-30-SystemExtension.png)
 
-3. Select **Open Security Preferences**  or **Open System Preferences > Security & Privacy**. Select **Allow**:
+3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
 
     ![Security and privacy window screenshot](../microsoft-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png)
 
@@ -77,6 +77,34 @@ To complete this process, you must have admin privileges on the device.
 > [!NOTE]
 > macOS may request to reboot the device upon the first installation of Microsoft Defender. Real-time protection will not be available until the device is rebooted.
 
+## Application installation (macOS 11 and newer versions)
+
+To complete this process, you must have admin privileges on the device.
+
+1. Navigate to the downloaded wdav.pkg in Finder and open it.
+
+    ![App install screenshot](images/big-sur-install-1.png)
+
+2. Select **Continue**, agree with the License terms, and enter the password when prompted.
+
+3. At the end of the installation process, you will be promoted to approve the system extensions used by the product. Select **Open Security Preferences**.
+
+    ![System extension approval](images/big-sur-install-2.png)
+
+4. From the **Security & Privacy** window, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-3.png)
+
+5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender ATP for Mac.
+
+6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender ATP permissions to filter network traffic, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-4.png)
+
+7. Open **System Preferences** > **Security & Privacy** and navigate to the **Privacy** tab. Grant **Full Disk Access** permission to **Microsoft Defender ATP** and **Microsoft Defender ATP Endpoint Security Extension**.
+
+    ![Full disk access](images/big-sur-install-5.png)
+
 ## Client configuration
 
 1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender ATP for macOS.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index 48371885a1..75a0814ec4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -179,81 +179,78 @@ To approve the system extensions:
 
    ```xml
    <?xml version="1.0" encoding="UTF-8"?>
-   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-   <plist version="1.0">
-   <dict>
-       <key>PayloadDescription</key>
-       <string>Allows Microsoft Defender to access all files on Catalina+</string>
-       <key>PayloadDisplayName</key>
-       <string>TCC - Microsoft Defender</string>
-       <key>PayloadIdentifier</key>
-       <string>com.microsoft.wdav.tcc</string>
-       <key>PayloadOrganization</key>
-       <string>Microsoft Corp.</string>
-       <key>PayloadRemovalDisallowed</key>
-       <false/>
-       <key>PayloadScope</key>
-       <string>system</string>
-       <key>PayloadType</key>
-       <string>Configuration</string>
-       <key>PayloadUUID</key>
-       <string>C234DF2E-DFF6-11E9-B279-001C4299FB44</string>
-       <key>PayloadVersion</key>
-       <integer>1</integer>
-       <key>PayloadContent</key>
-       <array>
-       <dict>
-           <key>PayloadDescription</key>
-           <string>Allows Microsoft Defender to access all files on Catalina+</string>
-           <key>PayloadDisplayName</key>
-           <string>TCC - Microsoft Defender</string>
-           <key>PayloadIdentifier</key>
-           <string>com.microsoft.wdav.tcc.C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
-           <key>PayloadOrganization</key>
-           <string>Microsoft Corp.</string>
-           <key>PayloadType</key>
-           <string>com.apple.TCC.configuration-profile-policy</string>
-           <key>PayloadUUID</key>
-           <string>C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
-           <key>PayloadVersion</key>
-           <integer>1</integer>
-           <key>Services</key>
-           <dict>
-               <key>SystemPolicyAllFiles</key>
-               <array>
-               <dict>
-                   <key>Allowed</key>
-                   <true/>
-                   <key>CodeRequirement</key>
-                   <string>identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
-                   <key>Comment</key>
-                   <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP</string>
-                   <key>Identifier</key>
-                   <string>com.microsoft.wdav</string>
-                   <key>IdentifierType</key>
-                   <string>bundleID</string>
-               </dict>
-               </array>
+    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+    <plist version="1.0">
+    <dict>
+        <key>PayloadDescription</key>
+        <string>Allows Microsoft Defender to access all files on Catalina+</string>
+        <key>PayloadDisplayName</key>
+        <string>TCC - Microsoft Defender</string>
+        <key>PayloadIdentifier</key>
+        <string>com.microsoft.wdav.tcc</string>
+        <key>PayloadOrganization</key>
+        <string>Microsoft Corp.</string>
+        <key>PayloadRemovalDisallowed</key>
+        <false/>
+        <key>PayloadScope</key>
+        <string>system</string>
+        <key>PayloadType</key>
+        <string>Configuration</string>
+        <key>PayloadUUID</key>
+        <string>C234DF2E-DFF6-11E9-B279-001C4299FB44</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+        <key>PayloadContent</key>
+        <array>
+        <dict>
+            <key>PayloadDescription</key>
+            <string>Allows Microsoft Defender to access all files on Catalina+</string>
+            <key>PayloadDisplayName</key>
+            <string>TCC - Microsoft Defender</string>
+            <key>PayloadIdentifier</key>
+            <string>com.microsoft.wdav.tcc.C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
+            <key>PayloadOrganization</key>
+            <string>Microsoft Corp.</string>
+            <key>PayloadType</key>
+            <string>com.apple.TCC.configuration-profile-policy</string>
+            <key>PayloadUUID</key>
+            <string>C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
+            <key>PayloadVersion</key>
+            <integer>1</integer>
+            <key>Services</key>
+            <dict>
                 <key>SystemPolicyAllFiles</key>
                 <array>
-                    <dict>
-                        <key>Identifier</key>
-                        <string>com.microsoft.wdav.epsext</string>
-                        <key>CodeRequirement</key>
-                        <string>identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
-                        <key>IdentifierType</key>
-                        <string>bundleID</string>
-                        <key>StaticCode</key>
-                        <integer>0</integer>
-                        <key>Allowed</key>
-                        <integer>1</integer>
-                    </dict>
+                <dict>
+                    <key>Allowed</key>
+                    <true/>
+                    <key>CodeRequirement</key>
+                    <string>identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
+                    <key>Comment</key>
+                    <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP</string>
+                    <key>Identifier</key>
+                    <string>com.microsoft.wdav</string>
+                    <key>IdentifierType</key>
+                    <string>bundleID</string>
+                </dict>
+                <dict>
+                    <key>Allowed</key>
+                    <true/>
+                    <key>CodeRequirement</key>
+                    <string>identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
+                    <key>Comment</key>
+                    <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP Endpoint Security Extension</string>
+                    <key>Identifier</key>
+                    <string>com.microsoft.wdav.epsext</string>
+                    <key>IdentifierType</key>
+                    <string>bundleID</string>
+                </dict>
                 </array>
-           </dict>
-       </dict>
-       </array>
-   </dict>
-   </plist>
+            </dict>
+        </dict>
+        </array>
+    </dict>
+    </plist>
    ```
 
 9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Save the following content as netext.xml and deploy it using the same steps as in the previous sections. <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>