2 weeks ago
I am trying to setup an extension attribute to verify if MS defender is enabled on devices in our environment. When I save the EA I only get a response from 1 device but I need responses from all of my devices. Any advice would be appreciated! Thanks
#!/bin/sh
echo "<result>`mdatp health | grep real_time_protection_enabled| awk '{print $3}'`</result>"
2 weeks ago - last edited 2 weeks ago
@nhenderson You should use the full path to the mdatp binary, and don't assume it's installed so you can report an error it if isn't. Something like this:
#!/bin/sh
mdatpPath="/Path/To/mdatp"
result="Not Installed"
if [ -e "$mdatpPath" ]; then
result=$("$mdatpPath" health | grep real_time_protection_enabled | awk '{print $3}')
fi
echo "<result>$result</result>"
(You were also missing a space preceding the pipe between your grep and awk statements)
2 weeks ago
I appreciate the quick response! I have made the changes and I will see if that works.
2 weeks ago
Keep in mind that devices will only show updated information for a new Extension Attribute once they submit new inventory back to your Jamf Pro console. Just wanted to mention that because a lot of people get confused at first on this. It's not going to update on all Macs immediately after it's created.
2 weeks ago
I can't believe nobody has created a FR to trigger a recon policy on all Macs when an EA is created/updated. :-)