Microsoft Defender ATP Quick/Full Scan Config Profile

looking for this too... opened a ticket with Microsoft after talking to support.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp

Doesn't look like it's possible with a config profile.

I have full and quick scans working but using launchdaemons not configuration profiles.  I can't think how you would do it with a config profile.  What makes you think you can schedule something with a Configuration Profile?

Hi @dlondon , can you please share the script you are using to launch daemons?

Thanks

Hi @PiyushVerma - it's all in here https://community.jamf.com/t5/jamf-pro/launchdaemon-and-microsoft-defender-atp/m-p/205632

The last post by me is the corrected one

Hi @dlondon,

Thanks for your script I have tried. I am getting the plists on the desired path but getting error as:

"/Library/LaunchDaemons/com.microsoft.wdav.schedquickscan.plist: service already loaded Load failed: 37: Operation already in progress /Library/LaunchDaemons/com.microsoft.wdav.schedfullscan.plist: service already loaded Load failed: 37: Operation already in progress"

Also, no auto scan is getting executed by plists.

My understanding is, as soon as defender gets installed, using your script the first scan will get initiate automatically and then all the other scans will be done by plists. Please correct me if I am wrong..!!

Thanks 

Hi @PiyushVerma - sounds like a scan is already running.  You can check that by opening Defender app from the menu bar icon and seeing what it's doing there.

This all came from the Microsoft Documentation - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide

Also you can probably find it running using launchctl

Try breaking the problem up.  Just do a quick scan so just install that part. I'm actually not doing a full scan at the moment