deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update set up policies section

Browse Source
This commit is contained in:
Joey Caparas 2020-08-20 14:15:19 -07:00
parent 458448d57a
commit d55f202145
1 changed files with 45 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
View File

@ -23,9 +23,13 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
To set up policies in Jamf Pro for macOS, you'll need to take the following steps: This page will guide you through the steps you need to take to set up macOS policies in Jamf Pro.
1. [Onboard the Microsoft Defender ATP package](#) You'll need to take the following steps:
1. [Get the Microsoft Defender ATP onboarding package](#)
2. [Create a configuration profile in Jamf Pro using the onboarding package](#)
2. [Configure Microsoft Defender ATP settings](#) 2. [Configure Microsoft Defender ATP settings](#)
@ -40,7 +44,7 @@ To set up policies in Jamf Pro for macOS, you'll need to take the following step
7. [Deploy Microsoft Defender ATP for macOS](#) 7. [Deploy Microsoft Defender ATP for macOS](#)
## Step 1: Onboard the Microsoft Defender ATP package ## Step 1: Get the Microsoft Defender ATP onboarding package
1. In [Microsoft Defender Security Center](https://securitycenter.microsoft.com ), navigate to **Settings > Onboarding**. 1. In [Microsoft Defender Security Center](https://securitycenter.microsoft.com ), navigate to **Settings > Onboarding**.
@ -55,16 +59,7 @@ To set up policies in Jamf Pro for macOS, you'll need to take the following step
5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`. 5. Copy the file from `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`.
## Step 2: Create a configuration profile in Jamf Pro using the onboarding package
## Step 1: Onboard the package
1. Locate the file `WindowsDefenderATPOnboarding.plist`. 1. Locate the file `WindowsDefenderATPOnboarding.plist`.
@ -124,12 +119,15 @@ To set up policies in Jamf Pro for macOS, you'll need to take the following step
![List of configuration profiles](images/jamfpro-configuration-policies.png) ![List of configuration profiles](images/jamfpro-configuration-policies.png)
## Step 2: Configure Microsoft Defender ATP settings ## Step 3: Configure Microsoft Defender ATP settings
1. In the Jamf Pro dashboard, select **General**. 1. In the Jamf Pro dashboard, select **General**.
![Image of Jamf Pro dashboard](images/644e0f3af40c29e80ca1443535b2fe32.png)
2. Enter the following details: 2. Enter the following details:
**General**
- Name: MDATP MDAV configuration settings - Name: MDATP MDAV configuration settings
- Description:\<blank\> - Description:\<blank\>
- Category: None (default) - Category: None (default)
@ -146,36 +144,34 @@ To set up policies in Jamf Pro for macOS, you'll need to take the following step
![Image of configuration settings](images/6f85269276b2278eca4bce84f935f87b.png) ![Image of configuration settings](images/6f85269276b2278eca4bce84f935f87b.png)
5. In **Preferences Domain**, enter `com.microsoft.wdav`. 5. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**.
![Image of configuration settings](images/db15f147dd959e872a044184711d7d46.png) ![Image of configuration settings](images/db15f147dd959e872a044184711d7d46.png)
6. Select **Upload PLIST File**. 6. Select **Choose File**.
![Image of configuration settings](images/526e978761fc571cca06907da7b01fd6.png) ![Image of configuration settings](images/526e978761fc571cca06907da7b01fd6.png)
7. Select **Choose File**. 7. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**.
![Image of configuration settings](images/98acea3750113b8dbab334296e833003.png) ![Image of configuration settings](images/98acea3750113b8dbab334296e833003.png)
8. Select the **MDATP_MDAV_configuration_settings.plist**. 9. Select **Upload**.
9. Select **Open**.
![Image of configuration settings](images/0adb21c13206861ba9b30a879ade93d3.png) ![Image of configuration settings](images/0adb21c13206861ba9b30a879ade93d3.png)
![Image of configuration settings](images/f624de59b3cc86e3e2d32ae5de093e02.png) ![Image of configuration settings](images/f624de59b3cc86e3e2d32ae5de093e02.png)
>[!NOTE] >[!NOTE]
>If you end-up uploading the Intune file, you get the following error:<br> >If you happen to upload the Intune file, you'll get the following error:<br>
>![Image of configuration settings](images/8e69f867664668796a3b2904896f0436.png) >![Image of configuration settings](images/8e69f867664668796a3b2904896f0436.png)
10. Select **Upload**. 10. Select **Save**.
![Image of configuration settings](images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png) ![Image of configuration settings](images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png)
11. Select **Save**. 11. The file is uploaded.
![Image of configuration settings](images/33e2b2a1611fdddf6b5b79e54496e3bb.png) ![Image of configuration settings](images/33e2b2a1611fdddf6b5b79e54496e3bb.png)
@ -208,6 +204,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
2. Enter the following details: 2. Enter the following details:
**General**
- Name: MDATP MDAV Notification settings - Name: MDATP MDAV Notification settings
- Description: macOS 10.15 (Catalina) or newer - Description: macOS 10.15 (Catalina) or newer
- Category: None (default) - Category: None (default)
@ -261,47 +258,49 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
![Image of configuration setting](images/eaba2a23dd34f73bf59e826217ba6f15.png) ![Image of configuration setting](images/eaba2a23dd34f73bf59e826217ba6f15.png)
2. Enter the following details:
**General**
- Name: MDATP MDAV MAU settings - Name: MDATP MDAV MAU settings
- Description: Microsoft AutoUpdate settings for MDATP for macOS - Description: Microsoft AutoUpdate settings for MDATP for macOS
- Category: None (default) - Category: None (default)
- Distribution Method: Install Automatically(default) - Distribution Method: Install Automatically(default)
- Level: Computer Level(default) - Level: Computer Level(default)
2. In **Application & Custom Settings** select **Configure**. 3. In **Application & Custom Settings** select **Configure**.
![Image of configuration setting](images/1f72e9c15eaafcabf1504397e99be311.png) ![Image of configuration setting](images/1f72e9c15eaafcabf1504397e99be311.png)
3. Select **Upload File (PLIST file)**. 4. Select **Upload File (PLIST file)**.
![Image of configuration setting](images/bcd4920afadbc158f8d7de88c11096fb.png) ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png)
4. In **Preference Domain** enter: `com.microsoft.autoupdate2`. 5. In **Preference Domain** enter: `com.microsoft.autoupdate2`, then select **Upload PLIST File**
![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png) ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png)
5. Select **Upload PLIST File**. 6. Select **Choose File**.
![Image of configuration setting](images/335aff58950ce62d1dabc289ecdce9ed.png) ![Image of configuration setting](images/335aff58950ce62d1dabc289ecdce9ed.png)
6. Select **Choose File** > **MDATP_MDAV_settings.plist**. 7. Select **MDATP_MDAV_settings.plist**.
![Image of configuration setting](images/a26bd4967cd54bb113a2c8d32894c3de.png) ![Image of configuration setting](images/a26bd4967cd54bb113a2c8d32894c3de.png)
7. Select **Upload**. 8. Select **Upload**.
![Image of configuration setting](images/4239ca0528efb0734e4ca0b490bfb22d.png) ![Image of configuration setting](images/4239ca0528efb0734e4ca0b490bfb22d.png)
![Image of configuration setting](images/4ec20e72c8aed9a4c16912e01692436a.png) ![Image of configuration setting](images/4ec20e72c8aed9a4c16912e01692436a.png)
8. Select **Save**. 9. Select **Save**.
![Image of configuration setting](images/253274b33e74f3f5b8d475cf8692ce4e.png) ![Image of configuration setting](images/253274b33e74f3f5b8d475cf8692ce4e.png)
9. Select the **Scope** tab. 10. Select the **Scope** tab.
![Image of configuration setting](images/10ab98358b2d602f3f67618735fa82fb.png) ![Image of configuration setting](images/10ab98358b2d602f3f67618735fa82fb.png)
10. Select **Add**. 11. Select **Add**.
![Image of configuration setting](images/56e6f6259b9ce3c1706ed8d666ae4947.png) ![Image of configuration setting](images/56e6f6259b9ce3c1706ed8d666ae4947.png)
@ -309,13 +308,13 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
![Image of configuration setting](images/321ba245f14743c1d5d51c15e99deecc.png) ![Image of configuration setting](images/321ba245f14743c1d5d51c15e99deecc.png)
11. Select **Done**. 12. Select **Done**.
![Image of configuration setting](images/ba44cdb77e4781aa8b940fb83e3c21f7.png) ![Image of configuration setting](images/ba44cdb77e4781aa8b940fb83e3c21f7.png)
## Step 5: Grant full disk access to Microsoft Defender ATP ## Step 5: Grant full disk access to Microsoft Defender ATP
1. In the Jamf Pro dashboard, select the **Scope** tab. 1. In the Jamf Pro dashboard, select **Configuration Profiles**.
![Image of configuration setting](images/264493cd01e62c7085659d6fdc26dc91.png) ![Image of configuration setting](images/264493cd01e62c7085659d6fdc26dc91.png)
@ -323,7 +322,8 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
3. Enter the following details: 3. Enter the following details:
- Name: MDATP MDAV - grnat Full Disk Access to EDR and AV **General**
- Name: MDATP MDAV - grant Full Disk Access to EDR and AV
- Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control - Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control
- Category: None - Category: None
- Distribution method: Install Automatically - Distribution method: Install Automatically
@ -332,7 +332,7 @@ These steps are applicable of macOS 10.15 (Catalina) or newer.
![Image of configuration setting](images/ba3d40399e1a6d09214ecbb2b341923f.png) ![Image of configuration setting](images/ba3d40399e1a6d09214ecbb2b341923f.png)
4. In **Application & Custom Settings** select **Configure**. 4. In **Configure Privacy Preferences Policy Control** select **Configure**.
![Image of configuration setting](images/715ae7ec8d6a262c489f94d14e1e51bb.png) ![Image of configuration setting](images/715ae7ec8d6a262c489f94d14e1e51bb.png)
@ -392,6 +392,7 @@ leaf[subject.OU] = UBF8T346G9
2. Enter the following details: 2. Enter the following details:
**General**
- Name: MDATP MDAV Kernel Extension - Name: MDATP MDAV Kernel Extension
- Description: MDATP kernel extension (kext) - Description: MDATP kernel extension (kext)
- Category: None - Category: None
@ -404,13 +405,15 @@ leaf[subject.OU] = UBF8T346G9
![Image of configuration settings](images/30be88b63abc5e8dde11b73f1b1ade6a.png) ![Image of configuration settings](images/30be88b63abc5e8dde11b73f1b1ade6a.png)
![Image of configuration settings](images/39cf120d3ac3652292d8d1b6d057bd60.png)
4. In **Approved Kernel Extensions** Enter the following details: 4. In **Approved Kernel Extensions** Enter the following details:
- Display Name: Microsoft Corp. - Display Name: Microsoft Corp.
- Team ID: UBF8T346G9 - Team ID: UBF8T346G9
![Image of configuration settings](images/39cf120d3ac3652292d8d1b6d057bd60.png)
5. Select the **Scope** tab. 5. Select the **Scope** tab.
![Image of configuration settings](images/0df36fc308ba569db204ee32db3fb40a.png) ![Image of configuration settings](images/0df36fc308ba569db204ee32db3fb40a.png)
@ -436,11 +439,11 @@ leaf[subject.OU] = UBF8T346G9
1. Navigate to where you saved `wdav.pkg`. 1. Navigate to where you saved `wdav.pkg`.
![A screenshot of a computer screen Description automatically generated](images/8dde76b5463047423f8637c86b05c29d.png) ![Image of file explorer](images/8dde76b5463047423f8637c86b05c29d.png)
2. Rename it to `wdav_MDM_Contoso_200329.pkg`. 2. Rename it to `wdav_MDM_Contoso_200329.pkg`.
![A screenshot of a computer screen Description automatically generated](images/fb2220fed3a530f4b3ef36f600da0c27.png) ![Image of file explorer](images/fb2220fed3a530f4b3ef36f600da0c27.png)
3. Open the Jamf Pro dashboard. 3. Open the Jamf Pro dashboard.
@ -497,9 +500,9 @@ leaf[subject.OU] = UBF8T346G9
![Image of configuration settings](images/9f09cc4cd841559dd389fba7dc57e5e0.png) ![Image of configuration settings](images/9f09cc4cd841559dd389fba7dc57e5e0.png)
![A screenshot of a social media post Description automatically generated](images/7acc1b24846d3388d3b29c1d7a2dd141.png) ![Image of configuration settings](images/7acc1b24846d3388d3b29c1d7a2dd141.png)
![A screenshot of a social media post Description automatically generated](images/f878f8efa5ebc92d069f4b8f79f62c7f.png) ![Image of configuration settings](images/f878f8efa5ebc92d069f4b8f79f62c7f.png)
![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png) ![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png)
@ -554,15 +557,3 @@ leaf[subject.OU] = UBF8T346G9
------------------------
Possible end step:
1. In the Jamf Pro dashboard, navigate to **Configuration Profiles**.
2. Select **New**.
![Image of configuration policies](images/jamfpro-policies.png)