diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index da58cfffbd..bed05f108c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -169,12 +169,12 @@ After installation, you'll see the Microsoft Defender icon in the macOS status b ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) -## Catalina +## How to Allow Full Disk Access > [!CAUTION] -> macOS 10.15 (Catalina) does not allow us to scan certain user's directories (Documents, etc.) without a user's consent. +> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. -To grant consent, open System Preferences, Security & Privacy, Privacy, Full Disk Access. Click the lock to make changes (bottom of the dialog box). Select Microsoft Defender. +To grant consent, open System Preferences -> Security & Privacy -> Privacy -> Full Disk Access. Click the lock icon to make changes (bottom of the dialog box). Select Microsoft Defender ATP. ## Logging installation issues diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 1321c5f956..7a0f0c27d6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -119,6 +119,11 @@ You may now enroll more devices. You can also enroll them later, after you have 7. Create another profile, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file. 8. Create tcc.xml file with content below. Create another profile, give it any name and upload this file to it. + > [!CAUTION] + > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. + > + > The following configuration profile grants Full Disk Access to Microsoft Defender ATP. If you previously configured Microsoft Defender ATP through Intune, we recommend you update the deployment with this configuration profile. + ```xml @@ -183,9 +188,6 @@ You may now enroll more devices. You can also enroll them later, after you have ``` - > [!CAUTION] - > This is a new configuration we add for Catalina. If you previously configured Defender in Intune without it, please modify it and add this option. - 9. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 78ae0346b9..06c2a0a291 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -92,6 +92,11 @@ To approve the kernel extension: ### Privacy Preferences Policy Control +> [!CAUTION] +> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. +> +> If you previously configured Microsoft Defender ATP through JAMF, we recommend applying the following configuration. + By default, starting with Catalina, Microsoft Defender cannot access files in a user's home directory. To resolve it, add a JAMF policy to allow Defender Full Disk Access. 1. Select **Options > Privacy Preferences Policy Control**. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md index 8fb33dfa72..e8b20f0b83 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md @@ -23,4 +23,13 @@ ms.topic: conceptual ## 100.65.28 - Added support for macOS Catalina + +> [!CAUTION] +> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. +> +> The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP: +> +> - For manual deployments, see the updated instructions in the [Manual deployment](microsoft-defender-atp-mac-install-manually.md#how-to-allow-full-disk-access) topic. +> - For managed deployments, see the updated instructions in the [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md#privacy-preferences-policy-control) and [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md#create-system-configuration-profiles) topics. + - Performance improvements