Merge pull request #4339 from MicrosoftDocs/user/tudobril/release-2010-2-mac

Add release notes for MDE for Mac 101.15.26
Gary Moore 2020-12-03 18:14:29 -08:00 committed by GitHub
commit b0c5b5a3c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 19 deletions


@ -46,13 +46,13 @@ If you can reproduce a problem, increase the logging level, run the system for s
3. Run `sudo mdatp diagnostic create` to back up the Microsoft Defender for Endpoint logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. 3. Run `sudo mdatp diagnostic create` to back up the Microsoft Defender for Endpoint logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
> [!TIP] > [!TIP]
> By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory.
```bash ```bash
sudo mdatp diagnostic create sudo mdatp diagnostic create
``` ```
```Output ```console
Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip" Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip"
``` ```
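Review bot: the TIP in this hunk still says "pass `--path [directory]` to the below command", while the zsh section of this same change replaces "above command" with "preceding command"; use "the following command" here so the wording is consistent. Step 3 also shows `sudo mdatp diagnostic create`, whereas the command table lists `mdatp diagnostic create --path [directory]` without `sudo`, so say in one place whether elevation is required.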
@ -61,7 +61,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
```bash ```bash
mdatp log level set --level info mdatp log level set --level info
``` ```
```Output ```console
Log level configured successfully Log level configured successfully
``` ```
@ -102,10 +102,10 @@ Important tasks, such as controlling product settings and triggering on-demand s
|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` |
|Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` |
|Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` |
|Health |Check the product's health |`mdatp health` | |Health |Check the product's health |`mdatp health` |
|Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` |
|Protection |Scan a path |`mdatp scan custom --path [path]` | |Protection |Scan a path |`mdatp scan custom --path [path] [--ignore-exclusions]` |
|Protection |Do a quick scan |`mdatp scan quick` | |Protection |Do a quick scan |`mdatp scan quick` |
|Protection |Do a full scan |`mdatp scan full` | |Protection |Do a full scan |`mdatp scan full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | |Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` |
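Review bot: the "Scan a path" row now shows `[--ignore-exclusions]`, but the task column does not say what the switch does; add a few words (the release notes in this change describe it as ignoring AV exclusions during custom scans) so the table is usable without the changelog. While this table is being touched, fix "spefic" to "specific" in the Health row and the stray space in `-- action audit` in the PUA row, which looks like a typo for `--action audit`.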
@ -113,17 +113,17 @@ Important tasks, such as controlling product settings and triggering on-demand s
|EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` | |EDR |Turn on/off EDR preview for Mac |`mdatp edr early-preview [enabled/disabled]` |
|EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` | |EDR |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` |
|EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` | |EDR |Remove group tag from device |`mdatp edr tag remove --tag-name [name]` |
|EDR |Add Group Id |`mdatp edr group-ids --group-id [group]` | |EDR |Add Group ID |`mdatp edr group-ids --group-id [group]` |
### How to enable autocompletion ### How to enable autocompletion
To enable autocompletion in `Bash`, run the following command and restart the Terminal session: To enable autocompletion in bash, run the following command and restart the Terminal session:
```bash ```bash
echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile
``` ```
To enable autocompletion in `zsh`: To enable autocompletion in zsh:
- Check whether autocompletion is enabled on your device: - Check whether autocompletion is enabled on your device:
@ -131,7 +131,7 @@ To enable autocompletion in `zsh`:
cat ~/.zshrc | grep autoload cat ~/.zshrc | grep autoload
``` ```
- If the above command does not produce any output, you can enable autocompletion using the following command: - If the preceding command does not produce any output, you can enable autocompletion using the following command:
```zsh ```zsh
echo "autoload -Uz compinit && compinit" >> ~/.zshrc echo "autoload -Uz compinit && compinit" >> ~/.zshrc
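Review bot: the check `cat ~/.zshrc | grep autoload` shown at the top of this hunk matches any `autoload` line, not only one that loads `compinit`, so it can print output on a device where completion is not initialized and the reader would then skip the next step. Suggest `grep compinit ~/.zshrc`, and say that no output, or a missing `~/.zshrc`, means the following command is needed.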
@ -152,4 +152,4 @@ To enable autocompletion in `zsh`:
## Microsoft Defender for Endpoint portal information ## Microsoft Defender for Endpoint portal information
[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center. [EDR capabilities for macOS have now arrived](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801), on the Microsoft Defender for Endpoint blog, provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.


@ -27,10 +27,17 @@ ms.topic: conceptual
> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
> [!IMPORTANT] > [!IMPORTANT]
> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
## 101.15.26
- Improved the reliability of the agent when running on macOS 11 Big Sur
- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
- Performance improvements & bug fixes
## 101.13.75 ## 101.13.75
- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
- Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur) - Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur)
- Bug fixes - Bug fixes
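Review bot: the IMPORTANT callout about the macOS Big Sur kernel panic is removed here and survives only as a bullet under 101.13.75, so a reader on Big Sur with an older agent no longer gets a prominent pointer to the minimum fixed version; consider keeping a short callout that names 101.13.75 as the minimum for macOS 11. On style, the new 101.15.26 entry writes "macOS 11 Big Sur" while the rest of the file uses "macOS 11 (Big Sur)", the 101.13.75 entry still says "mac 11 (Big Sur)", and "February 15th, 2021" and "&" would read better as "February 15, 2021" and "and".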


@ -66,12 +66,12 @@ There are several methods and deployment tools that you can use to install and c
The three most recent major releases of macOS are supported. The three most recent major releases of macOS are supported.
> [!IMPORTANT] > [!IMPORTANT]
> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
> [!IMPORTANT] > [!IMPORTANT]
> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) - 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 1GB - Disk space: 1GB
Beta versions of macOS are not supported. Beta versions of macOS are not supported.
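Review bot: after this change the supported list names four releases, "11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)", but the sentence above it still says "The three most recent major releases of macOS are supported." Either reword that sentence or mark 10.13 in the list as supported only until the date given in the new IMPORTANT note, so the two statements do not contradict each other.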
@ -98,7 +98,7 @@ The following downloadable spreadsheet lists the services and their associated U
|**Spreadsheet of domains list**|**Description**| |**Spreadsheet of domains list**|**Description**|
|:-----|:-----| |:-----|:-----|
|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) |![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/> | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>Download the spreadsheet here: [mdatp-urls.xlsx](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx).
Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods: Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC) - Proxy autoconfig (PAC)
@ -144,10 +144,10 @@ Guidance for how to configure the product in enterprise environments is availabl
## macOS kernel and system extensions ## macOS kernel and system extensions
In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details. In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md).
## Resources ## Resources
- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page. - For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md).
- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md) - [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md).