Update microsoft-defender-atp-mac-install-with-jamf.md

image links
denisebmsft
2019-11-05 12:40:23 -08:00
parent 962a4bec42
commit cf0d70b242

@ -46,7 +46,7 @@ Download the installation and onboarding packages from Windows Defender Security
3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory. 3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. 4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_DownloadPackages.png) ![Windows Defender Security Center screenshot](../windows-defender-antivirus/images/MDATP-2-DownloadPackages.png)
5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: 5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
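Review bot: The new image target in this hunk, `../windows-defender-antivirus/images/MDATP-2-DownloadPackages.png`, changes both the directory and the file name (underscores become hyphens), yet only the markdown file is visible in this diff. Confirm that the hyphenated file exists under `windows-defender-antivirus/images/`, otherwise the screenshot for the package download step will render as a broken link. The same check applies to each renamed image reference in the later hunks.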
@ -79,7 +79,7 @@ To set the onboarding information, add a property list file with the name, _jamf
>[!IMPORTANT] >[!IMPORTANT]
> You must set the Preference Domain as "com.microsoft.wdav.atp" > You must set the Preference Domain as "com.microsoft.wdav.atp"
![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) ![Configuration profile screenshot](../windows-defender-antivirus/images/MDATP-16-PreferenceDomain.png)
### Approved Kernel Extension ### Approved Kernel Extension
@ -88,7 +88,7 @@ To approve the kernel extension:
1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. 1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
2. Use **UBF8T346G9** for Team Id. 2. Use **UBF8T346G9** for Team Id.
![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) ![Approved kernel extensions screenshot](../windows-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png)
### Privacy Preferences Policy Control ### Privacy Preferences Policy Control
@ -104,7 +104,7 @@ Add the following JAMF policy to grant Full Disk Access to Microsoft Defender AT
3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`. 3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`.
4. Set app or service to SystemPolicyAllFiles and access to Allow. 4. Set app or service to SystemPolicyAllFiles and access to Allow.
![Privacy Preferences Policy Control](images/MDATP_35_JAMF_PrivacyPreferences.png) ![Privacy Preferences Policy Control](../windows-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png)
#### Configuration Profile's Scope #### Configuration Profile's Scope
@ -112,7 +112,7 @@ Configure the appropriate scope to specify the devices that will receive the con
Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target. Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target.
![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) ![Configuration profile scope screenshot](../windows-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png)
Save the **Configuration Profile**. Save the **Configuration Profile**.
@ -132,7 +132,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
1. Create a package in **Settings > Computer Management > Packages**. 1. Create a package in **Settings > Computer Management > Packages**.
![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) ![Computer management packages screenshot](../windows-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png)
2. Upload the package to the Distribution Point. 2. Upload the package to the Distribution Point.
3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_. 3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_.
@ -141,7 +141,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
Your policy should contain a single package for Microsoft Defender. Your policy should contain a single package for Microsoft Defender.
![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) ![Microsoft Defender packages screenshot](../windows-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png)
Configure the appropriate scope to specify the computers that will receive this policy. Configure the appropriate scope to specify the computers that will receive this policy.
@ -156,12 +156,12 @@ You'll need no special provisioning for a macOS computer, beyond the standard JA
1. Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. 1. Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) ![MDM approve button screenshot](../windows-defender-antivirus/images/MDATP_21_MDMProfile1.png)<br/>
![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) ![MDM screenshot](../windows-defender-antivirus/images/MDATP-22-MDMProfileApproved.png)
After a moment, the device's User Approved MDM status will change to **Yes**. After a moment, the device's User Approved MDM status will change to **Yes**.
![MDM status screenshot](images/MDATP_23_MDMStatus.png) ![MDM status screenshot](../windows-defender-antivirus/images/MDATP-23-MDMStatus.png)
You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages. You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages.
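Review bot: In the User Approved MDM step, the first replaced image keeps underscores in its file name (`MDATP_21_MDMProfile1.png`) while every other reference in this commit moves to the hyphenated form, such as `MDATP-22-MDMProfileApproved.png` on the next line. Either change it to `MDATP-21-MDMProfile1.png` to match, or confirm that the underscore name is the file that actually exists in the new directory. That line is also the only one in the commit that gains a trailing `<br/>`; check that the break is intentional and say so in the commit message, which currently reads only "image links".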
@ -176,17 +176,17 @@ You can monitor deployment status in the **Logs** tab:
- **Pending** means that the deployment is scheduled but has not yet happened - **Pending** means that the deployment is scheduled but has not yet happened
- **Completed** means that the deployment succeeded and is no longer scheduled - **Completed** means that the deployment succeeded and is no longer scheduled
![Status on server screenshot](images/MDATP_24_StatusOnServer.png) ![Status on server screenshot](../windows-defender-antivirus/images/MDATP-24-StatusOnServer.png)
### Status on client device ### Status on client device
After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**. After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**.
![Status on client screenshot](images/MDATP_25_StatusOnClient.png) ![Status on client screenshot](../windows-defender-antivirus/images/MDATP-25-StatusOnClient.png)
Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner. Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) ![Microsoft Defender icon in status bar screenshot](../windows-defender-antivirus/images/MDATP-Icon-Bar.png)
You can monitor policy installation on a device by following the JAMF log file: You can monitor policy installation on a device by following the JAMF log file:
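Review bot: Under "Status on client device", the context line ends with `**Profiles >**.`, leaving a dangling `>` with no menu item after it. Since the adjacent image lines are being edited anyway, either drop the trailing `>` or name the item the reader should select there.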
@ -258,12 +258,12 @@ This script removes Microsoft Defender ATP from the /Applications directory:
echo "Done!" echo "Done!"
``` ```
![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) ![Microsoft Defender uninstall screenshot](../windows-defender-antivirus/images/MDATP-26-Uninstall.png)
### Policy ### Policy
Your policy should contain a single script: Your policy should contain a single script:
![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) ![Microsoft Defender uninstall script screenshot](../windows-defender-antivirus/images/MDATP-27-UninstallScript.png)
Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.