Posted on 12-02-2020 07:26 AM
I have spent almost 3 days on getting windows defender working on Big sur
and it just keep on getting strange behavior.
I have followed the following microsoft site, that is updated recently and it is fairly easy to create the described config profiles and mobileconfig in jamf
But everytime it just popup with system extension needs to be approved. I found some other examples and right now I am in a spot I actually don´t know what I should try anymore. Has anyone get this working - then PLEASE share with me :)
Right now I just setting a 2018 macbook Pro (so intel) fresh install big sur - and it just keeps bothering this popups
Posted on 12-02-2020 09:47 AM
what do your profiles and policy look like?
are you installing the profiles before installing Defender?
Posted on 12-02-2020 09:55 AM
Ups forgot to paste the link.
The following I follow -
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies
And yes - the profiles are there before installation
Posted on 12-02-2020 10:14 AM
might be better to see how they're configured if you want to provide any sanitized versions. I followed the same process and do not see any prompts. are you using the latest/compatible version for systemextensions? Do you have screenshots of the prompts?
Posted on 12-02-2020 12:35 PM
I do remember on my end having to make sure the content filtering profile I was uploading was signed, seemed to work fine after that. I am looking forward to my JAMF instance being updated to 10.26 this coming weekend which will allow me to create content filtering profiles rather than making them myself. Wonder if that would make things easier for you?
Posted on 12-17-2020 11:46 AM
@jameson Did you ever get it working? I am having similar issues in our environment. ATP is working on our Catalina devices but on my test Big Sur device no joy! I followed the same MS guide you did but still does not work. Anyone else figure it out? @mgshepherd What content filtering profile did you have to sign? I signed the "Network Extension Policy" MS instructed to sign, is that what you are talking about?
Posted on 03-06-2021 12:34 AM
I also made profiles from that Microsoft site. And have this problem after machine upgrade to Big Sur. I found that removing Defender and install it again solves this. Btw. If I remove Microsoft Defender ATP.app from finder, it says that System Extensions exists, and will be removed. And it indeed was removed (verified with systemextensionsctl list). But if I remove Microsoft Defender ATP.app from terminal, System Extensions still exists. Even after reboot. Is there some easy (without disabling SIP) way to remove System Extensions from terminal?