From cbc377b5477ab593779069bee6599d7b170bbc1f Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Wed, 8 May 2019 15:22:55 -0700 Subject: [PATCH] wdavconfig.py => mdatp --health --- ...osoft-defender-atp-mac-install-manually.md | 9 +++----- ...soft-defender-atp-mac-install-with-jamf.md | 21 +++++++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 82e53c1ff4..1d6f73f280 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -90,9 +90,7 @@ The installation will proceed. The client machine is not associated with orgId. Note that the orgid is blank. ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : + mavel-mojave:wdavconfig testuser$ mdatp --health orgId ``` 2. Install the configuration file on a client machine: @@ -105,9 +103,8 @@ The installation will proceed. 3. Verify that the machine is now associated with orgId: ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + mavel-mojave:wdavconfig testuser$ mdatp --health orgId + E6875323-A6C0-4C60-87AD-114BBE7439B8 ``` After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index b2df2ab85f..516c62e45a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md 
@@ -178,26 +178,29 @@ Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. You can also check the onboarding status: ```bash -mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py -uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 -orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +mavel-mojave:~ testuser$ mdatp --health +... +licensed : true +orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" +... ``` -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. +- **licensed**: This is a confirmation that the machine is licensed for ATP. -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. +- **orgid**: Your ATP org id, it will be the same for your organization. ## Check onboarding status You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: ```bash -sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +mdatp --health healthy ``` -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. +This script returns: +- 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service +- 1 if the machine is not onboarded +- 3 if the connection to the daemon cannot be established (daemon is not running) ## Test alert
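Review bot: In the first hunk of microsoft-defender-atp-mac-install-manually.md (@@ -90,9 +90,7), the step 1 example now ends at the command line, so nothing in the block illustrates the sentence "Note that the orgid is blank." Suggest showing what `mdatp --health orgId` prints on a machine that is not yet associated, so the reader can tell a blank result from a failed command. The prompt still reads `mavel-mojave:wdavconfig testuser$`, a working directory left over from the removed script, and the prose spells the field "orgid" while the command argument is `orgId`.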
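Review bot: In the step 3 hunk of microsoft-defender-atp-mac-install-manually.md (@@ -105,9 +103,8), the expected output is the bare value `E6875323-A6C0-4C60-87AD-114BBE7439B8`, while the `mdatp --health` listing this same patch adds to the JAMF page prints the value in double quotes (`orgId : "4751b7d4-..."`). Please check against real output whether the single-field form is quoted, so the two pages agree and anyone comparing the string in a script matches the right form. The `wdavconfig` working directory in the prompt is also left over here.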
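Review bot: In the microsoft-defender-atp-mac-install-with-jamf.md hunk (@@ -178,26 +178,29), under "Check onboarding status", the script now queries `mdatp --health healthy` but the text still describes exit code 0 as "registered with the Windows Defender ATP service" and 1 as "not onboarded". Please confirm that `healthy` is the right field for an onboarding check, or query `orgId` or `licensed`, which the hunk itself presents as the onboarding indicators. The exit code list jumps from 1 to 3, so say whether 2 can occur, and add a blank line after "This script returns:" so the list renders. In the bullets above, the label **orgid** does not match the `orgId` key in the sample output, and the new description drops the troubleshooting hint the removed bullets carried (a blank value means the Configuration Profile was not properly set). It would be worth keeping an equivalent hint for the new output.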