I have created a configuration profile using "Application and Custom Setting" Payload with Application domain as "com.microsoft.wdav" where I am enabling "Real-Time Protection" (attached screenshot). When I push this config profile, it enables the "Real-Time Protection" on device and make it restricted (attached screenshot) stating "This setting is managed by the organisation"
When I upgrade the macOS to 14.7, suddenly the real time protection setting becomes unrestricted. As far as I know, any application setting managed by JAMF is restrcted by default. Hence, I need you help to understand why the setting is reverted post OS upgrade? And, how can I ensure that real time protection is restricted for user to make the changes?
Question
MS Defender's Real-Time protection is unrestricted
+2
+2Did the profiles are still installed on your machine post you upgraded to 14.7
yes, it is applied but the setting is unmanaged. User can disable real time protection manually.
I have made new discoveries. If I clone the existing config profile and deploy a as a new profile, then "mdatp health" command shows "real_time_protection_enabled : true [managed]". If I unscope and re-add the device on the existing config policy, it shows unmanaged ("real_time_protection_enabled : true").
I have 2 config profile with same preferred domain "com.microsoft.wdav.plist" wherein I have enabled:
1. Defender configuration settings like - Tamper protection, Real time protection, Diagnostic data collection, Use Data Loss Prevention etc.
2. Device Control and Data Loss Prevention version 2.
Is this the reason it is causing some kind of conflict?
+13please check for any spaces in the plist file, any mismatch.
+9yes, it is applied but the setting is unmanaged. User can disable real time protection manually.
I have made new discoveries. If I clone the existing config profile and deploy a as a new profile, then "mdatp health" command shows "real_time_protection_enabled : true [managed]". If I unscope and re-add the device on the existing config policy, it shows unmanaged ("real_time_protection_enabled : true").
I have 2 config profile with same preferred domain "com.microsoft.wdav.plist" wherein I have enabled:
1. Defender configuration settings like - Tamper protection, Real time protection, Diagnostic data collection, Use Data Loss Prevention etc.
2. Device Control and Data Loss Prevention version 2.
Is this the reason it is causing some kind of conflict?
Jamf layers restrictions and settings, so it shouldn't be an issue with 2 config profiles unless you are pushing 2 versions of the same setting, but I'd recommend consolidating them.
We have 2 config profiles from testing. One with DLP only and one with all settings plus DLP. Since the settings are identical we don't see an issue, but the 2 payload deployment is limited to our team. We use a single company wide.
+16Jamf layers restrictions and settings, so it shouldn't be an issue with 2 config profiles unless you are pushing 2 versions of the same setting, but I'd recommend consolidating them.
We have 2 config profiles from testing. One with DLP only and one with all settings plus DLP. Since the settings are identical we don't see an issue, but the 2 payload deployment is limited to our team. We use a single company wide.
If you have more than one profile with the same identifier (ie com.microsoft.wdav), only the first profile installed will take effect. Profiles are not cumulative.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.