Add instructions for manual deployment on Big Sur

windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md

@@ -48,7 +48,7 @@ Download the installation and onboarding packages from Microsoft Defender Securi
 
 5. From a command prompt, verify that you have the two files.
     
-## Application installation
+## Application installation (macOS 10.15 and older versions)
 
 To complete this process, you must have admin privileges on the device.
 
@@ -77,6 +77,34 @@ To complete this process, you must have admin privileges on the device.
 > [!NOTE]
 > macOS may request to reboot the device upon the first installation of Microsoft Defender. Real-time protection will not be available until the device is rebooted.
 
+## Application installation (macOS 11 and newer versions)
+
+To complete this process, you must have admin privileges on the device.
+
+1. Navigate to the downloaded wdav.pkg in Finder and open it.
+
+    ![App install screenshot](images/big-sur-install-1.png)
+
+2. Select **Continue**, agree with the License terms, and enter the password when prompted.
+
+3. At the end of the installation process, you will be promoted to approve the system extensions used by the product. Select **Open Security Preferences**.
+
+    ![System extension approval](images/big-sur-install-2.png)
+
+4. From the **Security & Privacy** window, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-3.png)
+
+5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender ATP for Mac.
+
+6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender ATP permissions to filter network traffic, select **Allow**.
+
+    ![System extension security preferences](images/big-sur-install-4.png)
+
+7. Open **System Preferences** > **Security & Privacy** and navigate to the **Privacy** tab. Grant **Full Disk Access** permission to **Microsoft Defender ATP** and **Microsoft Defender ATP Endpoint Security Extension**.
+
+    ![Full disk access](images/big-sur-install-5.png)
+
 ## Client configuration
 
 1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender ATP for macOS.

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md

@@ -233,20 +233,17 @@ To approve the system extensions:
                     <key>IdentifierType</key>
                     <string>bundleID</string>
                 </dict>
-               </array>
-                <key>SystemPolicyAllFiles</key>
-                <array>
                 <dict>
-                        <key>Identifier</key>
-                        <string>com.microsoft.wdav.epsext</string>
+                    <key>Allowed</key>
+                    <true/>
                     <key>CodeRequirement</key>
                     <string>identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
+                    <key>Comment</key>
+                    <string>Allow SystemPolicyAllFiles control for Microsoft Defender ATP Endpoint Security Extension</string>
+                    <key>Identifier</key>
+                    <string>com.microsoft.wdav.epsext</string>
                     <key>IdentifierType</key>
                     <string>bundleID</string>
-                        <key>StaticCode</key>
-                        <integer>0</integer>
-                        <key>Allowed</key>
-                        <integer>1</integer>
                 </dict>
                 </array>
             </dict>