Skip to main content

Hi,

I'm using Jamf Pro (10.50.0-t1693149930} and I was wondering if someone can guide me to creating a configuration profile to block or prevent the "InstallDefender" from installing with Office 365. Any other suggestion affective suggestion is welcome.

https://learn.microsoft.com/en-us/deployoffice/mac/preferences-office#excluding-apps

Thanks in advance.

Hi.

Below is the plist that you need.

Create a new profile, give it a name, add the payload "Application & Custom Settings", copy/paste the plist and use the domain "com.microsoft.office", scope in your targets and save.

 

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>InstallDefender</key> <false/> </dict> </plist>

 

Shannon


After deploying that config profile, I made a smart group of potential SHIM installs of computers enrolled 9.11.23 until the date I noticed the SHIM issue (in my case the 19th).  I assigned a policy to that group that runs the script below, which will uninstall that SHIM and run a custom JAMF event to properly install Defender.

 

#!/bin/bash #Is Defender Installed AppCheck=$( if [ ! -e /Applications/Microsoft\\ Defender.app ]; then echo "Not Installed" else echo "App Installed" fi ) #Check for binary simCheck=$( command -v mdatp ) # Attempt to confirm full Defender Install if [ "$AppCheck" == "Not Installed" ]; then echo "Defender Not Installed" /usr/local/bin/jamf recon /usr/local/bin/jamf policy -event ShimFix elif [ "$AppCheck" == "App Installed" ] && [ "$simCheck" != "/usr/local/bin/mdatp" ]; then echo "Only Shim Installed" /bin/rm -fr /Applications/Microsoft\\ Defender.app /usr/local/bin/jamf recon /usr/local/bin/jamf policy -event ShimFix else echo "Defender fully installed" fi

Hi.

Below is the plist that you need.

Create a new profile, give it a name, add the payload "Application & Custom Settings", copy/paste the plist and use the domain "com.microsoft.office", scope in your targets and save.

 

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>InstallDefender</key> <false/> </dict> </plist>

 

Shannon


Thank you of the suggestion, that worked!


Thank you, Daniel, will definitely keep in this in mind. Fortunately, I only had one mac that shim installed, based on the smart group.