Help

Extension attribute Script

nhenderson
New Contributor

Posted on ‎03-03-2025 11:46 AM

I am trying to setup an extension attribute to verify if MS defender is enabled on devices in our environment. When I save the EA I only get a response from 1 device but I need responses from all of my devices. Any advice would be appreciated! Thanks

 

#!/bin/sh
echo "<result>`mdatp health | grep real_time_protection_enabled| awk '{print $3}'`</result>"

 

 

0 Kudos
Reply
4 REPLIES 4

sdagley
Esteemed Contributor II

‎03-03-2025 11:59 AM - edited ‎03-04-2025 07:06 PM

@nhenderson You should use the full path to the mdatp binary, and don't assume it's installed so you can report an error it if isn't. Something like this:

 

#!/bin/sh

mdatpPath="/Path/To/mdatp"
result="Not Installed"

if [ -e "$mdatpPath" ]; then
    result=$("$mdatpPath" health | grep real_time_protection_enabled | awk '{print $3}')
fi

echo "<result>$result</result>"

 

(You were also missing a space preceding the pipe between your grep and awk statements) 

Reply

nhenderson
New Contributor
In response to sdagley

Posted on ‎03-03-2025 12:14 PM

I appreciate the quick response! I have made the changes and I will see if that works.

0 Kudos
Reply

mm2270
Legendary Contributor III
In response to nhenderson

Posted on ‎03-06-2025 11:28 AM

Keep in mind that devices will only show updated information for a new Extension Attribute once they submit new inventory back to your Jamf Pro console. Just wanted to mention that because a lot of people get confused at first on this. It's not going to update on all Macs immediately after it's created.

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to mm2270

Posted on ‎03-06-2025 12:22 PM

I can't believe nobody has created a FR to trigger a recon policy on all Macs when an EA is created/updated. :-)

0 Kudos
Reply
Back to Top