mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-16 07:17:24 +00:00
add in plists
This commit is contained in:
Joey Caparas
parent
20dee939fd
commit
a0ab414574
@ -56,15 +56,145 @@ You'll need to take the following steps:
|
||||
|
||||
4. Extract `WindowsDefenderATPOnboardingPackage.zip` such as `WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso`.
|
||||
|
||||
5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`.
|
||||
5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist` to your preferred location.
|
||||
|
||||
|
||||
## Step 2: Create a configuration profile in Jamf Pro using the onboarding package
|
||||
|
||||
1. Locate the file `WindowsDefenderATPOnboarding.plist`.
|
||||
1. Locate the file `WindowsDefenderATPOnboarding.plist` from the previous section.
|
||||
|
||||
|
||||
|
||||
2. Use the following Microsoft Defender ATP configuration settings:
|
||||
|
||||
- enableRealTimeProtection
|
||||
- passiveMode
|
||||
|
||||
>[!NOTE]
|
||||
>Not turned on by default, if you are planning to run a third-party AV for macOS, set it to `true`.
|
||||
|
||||
- exclusions
|
||||
- excludedPath
|
||||
- excludedFileExtension
|
||||
- excludedFileName
|
||||
- exclusionsMergePolicy
|
||||
- allowedThreats
|
||||
|
||||
>[!NOTE]
|
||||
>EICAR is on the sample, if you are going through a proof-of-concept, remove it especially if you are testing EICAR.
|
||||
|
||||
- disallowedThreatActions
|
||||
- potentially_unwanted_application
|
||||
- archive_bomb
|
||||
- cloudService
|
||||
- automaticSampleSubmission
|
||||
- tags
|
||||
- hideStatusMenuIcon
|
||||
|
||||
For information, see [Property list for Jamf configuration profile](mac-preferences.md#property-list-for-jamf-configuration-profile).
|
||||
|
||||
```XML
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>antivirusEngine</key>
|
||||
<dict>
|
||||
<key>enableRealTimeProtection</key>
|
||||
<true/>
|
||||
<key>passiveMode</key>
|
||||
<false/>
|
||||
<key>exclusions</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>$type</key>
|
||||
<string>excludedPath</string>
|
||||
<key>isDirectory</key>
|
||||
<false/>
|
||||
<key>path</key>
|
||||
<string>/var/log/system.log</string>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>$type</key>
|
||||
<string>excludedPath</string>
|
||||
<key>isDirectory</key>
|
||||
<true/>
|
||||
<key>path</key>
|
||||
<string>/home</string>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>$type</key>
|
||||
<string>excludedFileExtension</string>
|
||||
<key>extension</key>
|
||||
<string>pdf</string>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>$type</key>
|
||||
<string>excludedFileName</string>
|
||||
<key>name</key>
|
||||
<string>cat</string>
|
||||
</dict>
|
||||
</array>
|
||||
<key>exclusionsMergePolicy</key>
|
||||
<string>merge</string>
|
||||
<key>allowedThreats</key>
|
||||
<array>
|
||||
<string>EICAR-Test-File (not a virus)</string>
|
||||
</array>
|
||||
<key>disallowedThreatActions</key>
|
||||
<array>
|
||||
<string>allow</string>
|
||||
<string>restore</string>
|
||||
</array>
|
||||
<key>threatTypeSettings</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>key</key>
|
||||
<string>potentially_unwanted_application</string>
|
||||
<key>value</key>
|
||||
<string>block</string>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>key</key>
|
||||
<string>archive_bomb</string>
|
||||
<key>value</key>
|
||||
<string>audit</string>
|
||||
</dict>
|
||||
</array>
|
||||
<key>threatTypeSettingsMergePolicy</key>
|
||||
<string>merge</string>
|
||||
</dict>
|
||||
<key>cloudService</key>
|
||||
<dict>
|
||||
<key>enabled</key>
|
||||
<true/>
|
||||
<key>diagnosticLevel</key>
|
||||
<string>optional</string>
|
||||
<key>automaticSampleSubmission</key>
|
||||
<true/>
|
||||
</dict>
|
||||
<key>edr</key>
|
||||
<dict>
|
||||
<key>tags</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>key</key>
|
||||
<string>GROUP</string>
|
||||
<key>value</key>
|
||||
<string>ExampleTag</string>
|
||||
</dict>
|
||||
</array>
|
||||
</dict>
|
||||
<key>userInterface</key>
|
||||
<dict>
|
||||
<key>hideStatusMenuIcon</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</dict>
|
||||
</plist>
|
||||
```
|
||||
|
||||
|
||||
2. In the Jamf Pro dashboard, select **New**.
|
||||
|
||||
|
||||
@ -121,11 +251,39 @@ You'll need to take the following steps:
|
||||
|
||||
## Step 3: Configure Microsoft Defender ATP settings
|
||||
|
||||
1. In the Jamf Pro dashboard, select **General**.
|
||||
1. Use the following Microsoft Defender ATP notification configuration settings:
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdavtray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>ChannelName</key>
|
||||
<string>InsiderFast</string>
|
||||
<key>HowToCheck</key>
|
||||
<string>AutomaticDownload</string>
|
||||
<key>EnableCheckForUpdatesButton</key>
|
||||
<true/>
|
||||
<key>DisableInsiderCheckbox</key>
|
||||
<false/>
|
||||
<key>SendAllTelemetryEnabled</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
|
||||
```
|
||||
|
||||
2. Save it as `AutoEnable_notifications_for_MDATP_AutoUpdate.mobileconfig` or `MDATP_MDAV_notification_settings.plist`.
|
||||
|
||||
|
||||
3. In the Jamf Pro dashboard, select **General**.
|
||||
|
||||
|
||||
|
||||
2. Enter the following details:
|
||||
4. Enter the following details:
|
||||
|
||||
**General**
|
||||
- Name: MDATP MDAV configuration settings
|
||||
@ -136,27 +294,27 @@ You'll need to take the following steps:
|
||||
|
||||
|
||||
|
||||
3. In **Application & Custom Settings** select **Configure**.
|
||||
5. In **Application & Custom Settings** select **Configure**.
|
||||
|
||||
|
||||
|
||||
4. Select **Upload File (PLIST file)**.
|
||||
6. Select **Upload File (PLIST file)**.
|
||||
|
||||
|
||||
|
||||
5. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
|
||||
7. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
|
||||
|
||||
|
||||
|
||||
6. Select **Choose File**.
|
||||
8. Select **Choose File**.
|
||||
|
||||
|
||||
|
||||
7. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
|
||||
9. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
|
||||
|
||||
|
||||
|
||||
9. Select **Upload**.
|
||||
10. Select **Upload**.
|
||||
|
||||
|
||||
|
||||
@ -167,29 +325,29 @@ You'll need to take the following steps:
|
||||
>
|
||||
|
||||
|
||||
10. Select **Save**.
|
||||
11. Select **Save**.
|
||||
|
||||
|
||||
|
||||
11. The file is uploaded.
|
||||
12. The file is uploaded.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
12. Select the **Scope** tab.
|
||||
13. Select the **Scope** tab.
|
||||
|
||||
|
||||
|
||||
13. Select **Contoso's Machine Group**.
|
||||
14. Select **Contoso's Machine Group**.
|
||||
|
||||
14. Select **Add**, then select **Save**.
|
||||
15. Select **Add**, then select **Save**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
15. Select **Done**. You'll see the new **Configuration profile**.
|
||||
16. Select **Done**. You'll see the new **Configuration profile**.
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user