Merge pull request #274 from MicrosoftDocs/martyav-mdatp-update-for-may-22

Martyav mdatp update for may 22
Marty Hernandez Avedon 2019-05-22 18:03:52 -04:00 committed by GitHub
commit f7adb3958d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 90 additions and 89 deletions

@ -21,7 +21,7 @@ ms.topic: conceptual
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -114,4 +114,4 @@ See [Logging installation issues](microsoft-defender-atp-mac-resources.md#loggin
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.

@ -21,7 +21,7 @@ ms.topic: conceptual
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -32,13 +32,13 @@ Before you get started, please see [the main Microsoft Defender ATP for Mac page
## Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
Download the installation and onboarding packages from Microsoft Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
1. In Microsoft Defender Security Center, go to **Settings** > **Device Management** > **Onboarding**.
2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
5. Download **IntuneAppUtil** from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
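Review bot: The alt text on the unchanged image line still reads "Windows Defender Security Center screenshot", while the intro sentence and step 1 now say Microsoft Defender Security Center; update the alt text in the same change so the rename is complete. Step 1 also changes the menu path from **Machine Management** to **Device Management**. That is a UI label rather than prose, so confirm it matches what the portal displays before merging, otherwise administrators following the steps will not find the onboarding page.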
@ -80,41 +80,41 @@ Download the installation and onboarding packages from Windows Defender Security
to deploy refer to the product documentation.
```
## Client Machine Setup
## Client device setup
You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
You need no special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
1. You'll be asked to confirm device management.
![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
Select **Open System Preferences**, locate **Management Profile** on the list and select **Approve...**. Your Management Profile would be displayed as **Verified**:
![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
2. Select the **Continue** button and complete the enrollment.
2. Select **Continue** and complete the enrollment.
You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
3. In Intune, open **Manage** > **Devices** > **All devices**. You'll see your device among those listed:
![Add Devices screenshot](images/MDATP_5_allDevices.png)
## Create System Configuration profiles
1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
4. Select **OK**.
![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
6. Repeat these steps with the second profile.
7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**.
5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
6. Repeat steps 1 through 5 for additional profiles.
7. Create a new profile one more time, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
8. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
Once the Intune changes are propagated to the enrolled devices, you'll see them listed under **Monitor** > **Device status**:
![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
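Review bot: In step 2 of "Create System Configuration profiles", the new wording "Change **Platform=macOS** to **Profile type=Custom**" alters the instruction: the old line set two separate fields (Platform and Profile type), while the new one reads as replacing one value with the other. Suggest "Set **Platform** to **macOS** and **Profile type** to **Custom**". Step 8 also keeps the old single-bold breadcrumb "**Manage > Assignments**" while step 5 was converted to "**Manage** > **Assignments**"; use one style for both. Step 6 now says "Repeat steps 1 through 5 for additional profiles" without naming which file to upload, so a reader cannot tell how many profiles are expected before step 7.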
@ -124,7 +124,7 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t
2. Select **App type=Other/Line-of-business app**.
3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
4. Select **Configure** and add the required information.
5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any arbitrary value.
![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
@ -132,32 +132,30 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t
![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
7. It may take a few moments to upload the package. After it's done, select the package from the list and go to **Assignments** and **Add group**.
![Client apps screenshot](images/MDATP_10_ClientApps.png)
8. Change **Assignment type=Required**.
8. Change **Assignment type** to **Required**.
9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
10. After some time the application will be published to all enrolled devices. You'll see it listed on **Monitor** > **Device**, under **Device install status**:
![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
## Verify client machine state
## Verify client device state
1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**.
1. After the configuration profiles are deployed to your devices, open **System Preferences** > **Profiles** on your Mac device.
![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
2. Verify the three profiles listed there:
2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that we added in Intune.:
![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
3. The **Management Profile** should be the Intune system profile.
4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
5. You should also see the Microsoft Defender icon in the top-right corner:
3. You should also see the Microsoft Defender icon in the top-right corner:
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
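Review bot: The merged step 2 under "Verify client device state" ends with "added in Intune.:", which leaves a stray period before the colon. It also capitalises "_Wdav-config_" although the removed line gave the profile name as "wdav-config"; profile names should be written exactly as they appear on the device, so keep the lower-case form. The old text told the reader to expect three profiles; stating that count in the new sentence would keep the check unambiguous.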
@ -167,4 +165,4 @@ See [Logging installation issues](microsoft-defender-atp-mac-resources.md#loggin
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.

@ -21,7 +21,7 @@ ms.topic: conceptual
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -36,15 +36,14 @@ In addition, for JAMF deployment, you need to be familiar with JAMF administrati
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
1. In Windows Defender Security Center, go to **Settings > device Management > Onboarding**.
2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
5. From a command prompt, verify that you have the two files.
Extract the contents of the .zip files:
5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
```bash
mavel-macmini:Downloads test$ ls -l
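Review bot: The rewritten step 1 still says "In Windows Defender Security Center" and introduces "**Settings > device Management > Onboarding**" with a lower-case "device", and the unchanged intro sentence above the list also keeps the old product name. The Intune page in this same commit uses "Microsoft Defender Security Center" and "**Settings** > **Device Management** > **Onboarding**"; align this hunk with that wording and capitalisation. The image alt text has the same leftover name.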
@ -62,19 +61,19 @@ Download the installation and onboarding packages from Windows Defender Security
## Create JAMF Policies
You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices.
### Configuration Profile
The configuration profile contains one custom settings payload that includes:
The configuration profile contains a custom settings payload that includes:
- Microsoft Defender ATP for Mac onboarding information
- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
- Approved Kernel Extensions payload, to enable running the Microsoft kernel driver
1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
To set the onboarding information, upload a property list file with the name, _jamf/WindowsDefenderATPOnboarding.plist_.
>[!NOTE]
> You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
>[!IMPORTANT]
> You must set the the Preference Domain as "com.microsoft.wdav.atp"
![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
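Review bot: The new IMPORTANT note reads "You must set the the Preference Domain as "com.microsoft.wdav.atp"", with a doubled "the" and no closing period. It also drops the word "exactly" from the old note, which was the useful part: the value has to match character for character. Suggest "You must set the Preference Domain to exactly "com.microsoft.wdav.atp"." The sentence before it, "upload a property list file with the name, _jamf/WindowsDefenderATPOnboarding.plist_", has a stray comma after "name".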
@ -89,15 +88,15 @@ To approve the kernel extension:
#### Configuration Profile's Scope
Configure the appropriate scope to specify the machines that will receive this configuration profile.
Configure the appropriate scope to specify the devices that will receive the configuration profile.
Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target.
![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
Save the **Configuration Profile**.
Use the **Logs** tab to monitor deployment status for each enrolled machine.
Use the **Logs** tab to monitor deployment status for each enrolled device.
### Package
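Review bot: The new navigation line mixes two breadcrumb styles in one sentence: "**Computers** > **Configuration Profiles**" bolds each label separately, while "**Scope > Targets**" keeps the separator inside the bold. Pick the per-label style used elsewhere in this commit and apply it to both paths.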
@ -116,50 +115,50 @@ Your policy should contain a single package for Microsoft Defender.
Configure the appropriate scope to specify the computers that will receive this policy.
After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled device.
## Client machine setup
## Client device setup
You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
You'll need no special provisioning for a macOS computer, beyond the standard JAMF Enrollment.
> [!NOTE]
> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
1. Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
After some time, the machine's User Approved MDM status will change to Yes.
After a moment, the device's User Approved MDM status will change to **Yes**.
![MDM status screenshot](images/MDATP_23_MDMStatus.png)
You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
## Deployment
Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
Enrolled client devices periodically poll the JAMF Server, and install new configuration profiles and policies as soon as they are detected.
### Status on server
### Status on the server
You can monitor the deployment status in the Logs tab:
You can monitor deployment status in the **Logs** tab:
- **Pending** means that the deployment is scheduled but has not yet happened
- **Completed** means that the deployment succeeded and is no longer scheduled
![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
### Status on client machine
### Status on client device
After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
After the Configuration Profile is deployed, you'll see the profile on the device in **System Preferences > Profiles >**, under the name of the configuration profile.
![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
After the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
You can monitor policy installation on a machine by following the JAMF's log file:
You can monitor policy installation on a device by following the JAMF log file:
```bash
mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
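Review bot: Step 1 under "Client device setup" replaces "Open the machine details" with "Open **Device Profiles**", bolded as if it were a UI label. The rest of the commit only swaps "machine" for "device", so this looks like an unintended change of navigation target; confirm that JAMF has an item with that name or revert to "Open the device details". Further down, "in **System Preferences > Profiles >**, under the name of the configuration profile" leaves a dangling ">" before the comma. The icon is now called "Microsoft Defender ATP icon" here, but the alt text on the next line and the Intune page still say "Microsoft Defender icon".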
@ -182,22 +181,22 @@ orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"
...
```
- **licensed**: This confirms that the machine has an ATP license.
- **licensed**: This confirms that the device has an ATP license.
- **orgid**: Your ATP org id, it will be the same for your organization.
- **orgid**: Your Microsoft Defender ATP org id; it will be the same for your organization.
## Check onboarding status
You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
```bash
mdatp --health healthy
```
This script returns:
- 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service
- 1 if the machine is not onboarded
- 3 if the connection to the daemon cannot be established (daemon is not running)
- 0 if Microsoft Defender ATP is registered with the Microsoft Defender ATP service
- 1 if the device is not yet onboarded
- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running
## Logging installation issues
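Review bot: The bullet label "**orgid**" does not match the key as it appears in the command output shown for this section, which is "orgId". Since the line is being edited anyway, write the label with the same casing as the output so readers searching the output find it. "org id" in the description could also be spelled out as "organization ID".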
@ -205,4 +204,4 @@ See [Logging installation issues](microsoft-defender-atp-mac-resources.md#loggin
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.
See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Microsoft Defender ATP for Mac from client devices.

@ -21,7 +21,7 @@ ms.topic: conceptual
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md)
[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -41,7 +41,7 @@ If you can reproduce a problem, please increase the logging level, run the syste
2. Reproduce the problem
3. Run `mdatp --diagnostic --create` to backup Defender ATP's logs. The command will print out location with generated zip file.
3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The command will print out location with generated zip file.
```bash
mavel-mojave:~ testuser$ mdatp --diagnostic --create
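Review bot: Step 3 is touched only to rename the product, and the wording problems on the same line are carried over: "backup" is used as a verb and should be "back up", and "The command will print out location with generated zip file" is missing its articles. Suggest "Run `mdatp --diagnostic --create` to back up Microsoft Defender ATP's logs. The command prints the location of the generated zip file."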
@ -152,6 +152,6 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
## Known issues
- Not fully optimized for performance or disk space yet.
- Full Windows Defender ATP integration is not available yet.
- Mac devices that switch networks may appear multiple times in the APT portal.
- Full Microsoft Defender ATP integration is not available yet.
- Mac devices that switch networks may appear multiple times in the Microsoft Defender ATP portal.
- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.

@ -17,36 +17,41 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Microsoft Defender ATP for Mac
# Microsoft Defender Advanced Threat Protection for Mac
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
>This topic relates to the pre-release version of Microsoft Defender Advanced Threat Protection (ATP) for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic describes how to install and use Microsoft Defender ATP for Mac.
This topic describes how to install and use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac.
## Whats new in the public preview
We've been working hard through the private preview period, and we've heard your concerns. We've reduced the delay for when new Mac devices appear in the ATP console after they've been deployed. We've improved threat handling, and enhanced the user experience. We've also made numerous bug fixes. Other updates to Microsoft Defender ATP for Mac include:
Since opening the limited preview, we've been working non-stop to enhance the product, by listening to customer feedback. We've reduced the time it takes for devices to appear in Microsoft Defender Security Center, immediately following deployment. We've improved threat handling, enhanced the user experience, and fixed bugs. Other updates to Microsoft Defender ATP for Mac include:
- Full accessibility
- Enhanced accessibility
- Improved performance
- Localization for 37 languages
- improved client product health monitoring
- Localization into 37 languages
- Improved anti-tampering protections
- Feedback and samples can now be submitted via the GUI.
- Feedback and samples can now be submitted via the interface.
- Product health can be queried with JAMF or the command line.
- Admins can set their cloud preference for any location, not just for those in the US.
## Installing and configuring
There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
In general you'll need to take the following steps:
- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
- Ensure you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
- [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
- [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
- [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
- [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
- Via the command line tool:
- [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
- Via third party tools:
- [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
- [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
- [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal.
### Prerequisites
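Review bot: The regrouped deployment list puts "Microsoft Intune-based deployment" under "Via third party tools", but Intune is a Microsoft product, so the heading is inaccurate for that entry; something like "Via management tools" would cover Intune, JAMF and other MDM products alike. The same hunk also leaves the heading "## Whats new in the public preview" without its apostrophe, while the new paragraph under it refers to "the limited preview"; use one name for the preview stage. "Portal" is capitalised in the subscription bullet and lower-case in the new closing sentence.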
@ -69,7 +74,7 @@ After you've enabled the service, you may need to configure your network or fire
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them:
| Service | Description | URL |
| -------------- |:------------------------------------:| --------------------------------------------------------------------:|
| -------------- | ------------------------------------ | -------------------------------------------------------------------- |
| ATP | Advanced threat protection service | `https://x.cp.wd.microsoft.com`, `https://cdn.x.cp.wd.microsoft.com` |
To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://cdn.x.cp.wd.microsoft.com/ping` in a browser, or run the following command in Terminal:
@ -80,8 +85,7 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap
OK https://cdn.x.cp.wd.microsoft.com/ping
```
We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
SIP is a built-in macOS security feature that prevents low-level tampering with the OS.
We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
## Resources
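Review bot: The rewritten System Integrity Protection sentence still says "enabled on client machines", while the rest of this commit replaces "machines" with "devices". Change it here as well so the terminology is uniform across the five files.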