Jamf Pro with Microsoft Defender for Endpoint

These are both Microsoft Defenders errors not Jamf errors, have you asked on technet or opened a case with Microsoft?

• The Accessibility and Full Disk Access are TTC controls, make sure you have the correct Configuration Profiles deployed to enable that access for Defender. UPN likely requires Entra Device Registration but don't hold me to that.
• Microsoft is pretty slow to add formal support for new builds of macOS. As dumb as it sounds test on an older version of macOS 15 like 15.2 and see if the behavior is the same.

try running mdatp health command to check the status on the local Mac , Which will let you know whether the required information is correct on the local Mac

What's been your experience with Windows Defender on Macs? Asking for a friend.

I use Installomator to push out Microsoft Defender.  Though pushing out the application is pretty simplistic.

I have a config profile for Windows Defender Background Services for 2 Managed Login Items.

I also have a config profile called Windows Defender Onboarding that has an Application & Custom Settings, Content Filter, Notifications, Privacy Preferences Policy Control, and System Extensions payload.

As long as everything is set up ok on the Windows Defender side you shouldn't have any issues.

Set up sounds similar here. I'm testing it without the Content Filter cause we have other things taking care of that.

The one issue I saw was performance with Intel boxes. The fan ran at a crazy speed, and it did slow things down. Apple Silicon has no issues with this.

Apologies for hijacking the thread. @kylek 

We don't notice that issue currently.  But honestly it could be happening and no one has brought it up.  Not something we are actively monitoring.

It’s likely due to incomplete configuration. Make sure the required profiles, especially the WindowsDefenderATPOnboarding.plist, are properly deployed and visible in System Settings > Profiles. Confirm the presence of /Library/Managed Preferences/com.microsoft.wdav.plist files. Run mdatp health in Terminal to check onboarding status. Always deploy configuration profiles before installing the Defender app. Use smart groups in Jamf to target devices with correct configs. Also, ensure system extension approvals are in place. ADE enrollment is preferred over user-initiated to avoid missing permissions.

We are facing the same issue. All profiles (except for Bluetooth because it doesn't work) are properly deployed, mdatp health says its healthy and the client also shows up in the Defender portal.

Did anyone find a solution to this yet?

Got another dumb question for you guys ...

Is there nothing unique about the Microsoft Defender package you deploy? Is there a special onboarding configuration that you need to obtain from your tenant to enroll the Macs into your Defender tenant in the package you deploy?

I'm assuming this happens with the configuration profiles alongside the vanilla Defender package (thus you can use Installomator). But want to make sure.

Also, do you have to allocate a license in the Microsoft Defender tenant or create an extra Entra group for the macOS Defender users?

https://learn.microsoft.com/en-us/defender-endpoint/mac-jamfpro-policies

At the start of this page, there are instructions to download the onboarding package and create a config profile with it.

Defender is licensed per user.

Got it, thanks sir.

The setup instructions for MDE with Jamf are incomplete and leave out the DLP/Purview bits that the Intune instructions have and lead to these errors. Grab the mobileconfigs from the Purview docs instead: Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro | Microsoft Learn 

This also bundles in four of the mobileconfigs so you don’t have to deploy them separately.