Add instructions for manual deployment on Big Sur

2025-06-19 20:33:42 +00:00 · 2020-09-30 18:30:08 -07:00
parent 1bb9cf4f1f
commit 7fcd3cb099
7 changed files with 99 additions and 74 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-1.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-1.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-2.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-2.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-3.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-3.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-4.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-4.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-5.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/big-sur-install-5.png
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@ -48,7 +48,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi

 5. From a command prompt, verify that you have the two files.
    
-## Application installation
+## Application installation (macOS 10.15 and older versions)

 To complete this process, you must have admin privileges on the device.

@ -65,7 +65,7 @@ To complete this process, you must have admin privileges on the device.

   ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-30-SystemExtension.png)

-3. Select **Open Security Preferences**  or **Open System Preferences > Security & Privacy**. Select **Allow**:
+3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:

    ![Security and privacy window screenshot](../microsoft-defender-antivirus/images/MDATP-31-SecurityPrivacySettings.png)

@ -77,6 +77,34 @@ To complete this process, you must have admin privileges on the device.
 > [!NOTE]
 > macOS may request to reboot the device upon the first installation of Microsoft Defender. Real-time protection will not be available until the device is rebooted.

+## Application installation (macOS 11 and newer versions)
+
+To complete this process, you must have admin privileges on the device.
+
+1. Navigate to the downloaded wdav.pkg in Finder and open it.
+
+    ![App install screenshot](images/big-sur-install-1.png)
+
+2. Select **Continue**, agree with the License terms, and enter the password when prompted.
+
+3. At the end of the installation process, you will be promoted to approve the system extensions used by the product. Select **Open Security Preferences**.
+
+    ![System extension approval](images/big-sur-install-2.png)
+
+4. From the **Security & Privacy** window, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-3.png)
+
+5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender ATP for Mac.
+
+6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender ATP permissions to filter network traffic, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-4.png)
+
+7. Open **System Preferences** > **Security & Privacy** and navigate to the **Privacy** tab. Grant **Full Disk Access** permission to **Microsoft Defender ATP** and **Microsoft Defender ATP Endpoint Security Extension**.
+
+    ![Full disk access](images/big-sur-install-5.png)
+
 ## Client configuration

 1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender ATP for macOS.
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@ -179,81 +179,78 @@ To approve the system extensions:

   ```xml
   <?xml version="1.0" encoding="UTF-8"?>
-   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-   <plist version="1.0">
-   <dict>
-       <key>PayloadDescription</key>
-       <string>Allows Microsoft Defender to access all files on Catalina+</string>
-       <key>PayloadDisplayName</key>
-       <string>TCC - Microsoft Defender</string>
-       <key>PayloadIdentifier</key>
-       <string>com.microsoft.wdav.tcc</string>
-       <key>PayloadOrganization</key>
-       <string>Microsoft Corp.</string>
-       <key>PayloadRemovalDisallowed</key>
-       <false/>
-       <key>PayloadScope</key>
-       <string>system</string>
-       <key>PayloadType</key>
-       <string>Configuration</string>
-       <key>PayloadUUID</key>
-       <string>C234DF2E-DFF6-11E9-B279-001C4299FB44</string>
-       <key>PayloadVersion</key>
-       <integer>1</integer>
-       <key>PayloadContent</key>
-       <array>
-       <dict>
-           <key>PayloadDescription</key>
-           <string>Allows Microsoft Defender to access all files on Catalina+</string>
-           <key>PayloadDisplayName</key>
-           <string>TCC - Microsoft Defender</string>
-           <key>PayloadIdentifier</key>
-           <string>com.microsoft.wdav.tcc.C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
-           <key>PayloadOrganization</key>
-           <string>Microsoft Corp.</string>
-           <key>PayloadType</key>
-           <string>com.apple.TCC.configuration-profile-policy</string>
-           <key>PayloadUUID</key>
-           <string>C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
-           <key>PayloadVersion</key>
-           <integer>1</integer>
-           <key>Services</key>
-           <dict>
-               <key>SystemPolicyAllFiles</key>
-               <array>
-               <dict>
-                   <key>Allowed</key>
-                   <true/>
-                   <key>CodeRequirement</key>
-                   <string>identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
-                   <key>Comment</key>
-                   <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP</string>
-                   <key>Identifier</key>
-                   <string>com.microsoft.wdav</string>
-                   <key>IdentifierType</key>
-                   <string>bundleID</string>
-               </dict>
-               </array>
+    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+    <plist version="1.0">
+    <dict>
+        <key>PayloadDescription</key>
+        <string>Allows Microsoft Defender to access all files on Catalina+</string>
+        <key>PayloadDisplayName</key>
+        <string>TCC - Microsoft Defender</string>
+        <key>PayloadIdentifier</key>
+        <string>com.microsoft.wdav.tcc</string>
+        <key>PayloadOrganization</key>
+        <string>Microsoft Corp.</string>
+        <key>PayloadRemovalDisallowed</key>
+        <false/>
+        <key>PayloadScope</key>
+        <string>system</string>
+        <key>PayloadType</key>
+        <string>Configuration</string>
+        <key>PayloadUUID</key>
+        <string>C234DF2E-DFF6-11E9-B279-001C4299FB44</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+        <key>PayloadContent</key>
+        <array>
+        <dict>
+            <key>PayloadDescription</key>
+            <string>Allows Microsoft Defender to access all files on Catalina+</string>
+            <key>PayloadDisplayName</key>
+            <string>TCC - Microsoft Defender</string>
+            <key>PayloadIdentifier</key>
+            <string>com.microsoft.wdav.tcc.C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
+            <key>PayloadOrganization</key>
+            <string>Microsoft Corp.</string>
+            <key>PayloadType</key>
+            <string>com.apple.TCC.configuration-profile-policy</string>
+            <key>PayloadUUID</key>
+            <string>C233A5E6-DFF6-11E9-BDAD-001C4299FB44</string>
+            <key>PayloadVersion</key>
+            <integer>1</integer>
+            <key>Services</key>
+            <dict>
                <key>SystemPolicyAllFiles</key>
                <array>
-                    <dict>
-                        <key>Identifier</key>
-                        <string>com.microsoft.wdav.epsext</string>
-                        <key>CodeRequirement</key>
-                        <string>identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
-                        <key>IdentifierType</key>
-                        <string>bundleID</string>
-                        <key>StaticCode</key>
-                        <integer>0</integer>
-                        <key>Allowed</key>
-                        <integer>1</integer>
-                    </dict>
+                <dict>
+                    <key>Allowed</key>
+                    <true/>
+                    <key>CodeRequirement</key>
+                    <string>identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
+                    <key>Comment</key>
+                    <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP</string>
+                    <key>Identifier</key>
+                    <string>com.microsoft.wdav</string>
+                    <key>IdentifierType</key>
+                    <string>bundleID</string>
+                </dict>
+                <dict>
+                    <key>Allowed</key>
+                    <true/>
+                    <key>CodeRequirement</key>
+                    <string>identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
+                    <key>Comment</key>
+                    <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP Endpoint Security Extension</string>
+                    <key>Identifier</key>
+                    <string>com.microsoft.wdav.epsext</string>
+                    <key>IdentifierType</key>
+                    <string>bundleID</string>
+                </dict>
                </array>
-           </dict>
-       </dict>
-       </array>
-   </dict>
-   </plist>
+            </dict>
+        </dict>
+        </array>
+    </dict>
+    </plist>
   ```

 9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Save the following content as netext.xml and deploy it using the same steps as in the previous sections. <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>