Jamf Pro with Microsoft Defender for Endpoint

kylek
New Contributor

Hello,

We are in the process of setting up Microsoft Defender for Endpoint on our Mac devices using Jamf Pro. We have been successful in doing so using the documentation provided by Microsoft. However, we are running into a few issues. We are unable to get the 'Valid User' and 'Configuration Status' to populate. See pictures attached.

Screenshot 2025-05-29 121639.png 

Screenshot 2025-05-29 121634.png


AJPinto
Esteemed Contributor

These are both Microsoft Defender errors, not Jamf errors. Have you asked on TechNet or opened a case with Microsoft?

  • The Accessibility and Full Disk Access are TCC controls, make sure you have the correct Configuration Profiles deployed to enable that access for Defender. UPN likely requires Entra Device Registration but don't hold me to that.
  • Microsoft is pretty slow to add formal support for new builds of macOS. As dumb as it sounds, test on an older version of macOS 15, like 15.2, and see if the behavior is the same.

Shyamsundar
Valued Contributor

Try running the mdatp health command to check the status on the local Mac, which will let you know whether the required information is correct on the local Mac.

mvu
Valued Contributor III

What's been your experience with Windows Defender on Macs? Asking for a friend.

dletkeman
Contributor III

I use Installomator to push out Microsoft Defender.  Though pushing out the application is pretty simplistic.

I have a config profile for Windows Defender Background Services for 2 Managed Login Items.

I also have a config profile called Windows Defender Onboarding that has an Application & Custom Settings, Content Filter, Notifications, Privacy Preferences Policy Control, and System Extensions payload.

As long as everything is set up ok on the Windows Defender side you shouldn't have any issues.

mvu
Valued Contributor III

Setup sounds similar here. I'm testing it without the Content Filter 'cause we have other things taking care of that.

The one issue I saw was performance with Intel boxes. The fan ran at a crazy speed, and it did slow things down. Apple Silicon has no issues with this.

Apologies for hijacking the thread. @kylek 

dletkeman
Contributor III

We don't notice that issue currently.  But honestly it could be happening and no one has brought it up.  Not something we are actively monitoring.

moisesa
New Contributor

It’s likely due to incomplete configuration. Make sure the required profiles, especially the WindowsDefenderATPOnboarding.plist, are properly deployed and visible in System Settings > Profiles. Confirm the presence of /Library/Managed Preferences/com.microsoft.wdav.plist files. Run mdatp health in Terminal to check onboarding status. Always deploy configuration profiles before installing the Defender app. Use smart groups in Jamf to target devices with correct configs. Also, ensure system extension approvals are in place. ADE enrollment is preferred over user-initiated to avoid missing permissions.
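
Added example (not part of any post in this thread, and not Jamf or Microsoft code): a Jamf Pro extension attribute script for the local checks suggested above, the managed preferences plist and mdatp health. It assumes mdatp health prints "key : value" lines that include healthy, licensed and org_id; the sample output is constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes `mdatp health` prints "key : value"
# lines and that healthy, licensed and org_id are among the keys.

PLIST="/Library/Managed Preferences/com.microsoft.wdav.plist"  # path named in the thread

# Print the value of one key from health text on stdin (quotes stripped).
health_field() {
    awk -F' *: *' -v k="$1" '$1 == k { gsub(/"/, "", $2); print $2; exit }'
}

# $1 = file holding `mdatp health` output, $2 = managed preferences plist path.
# Prints "OK", or "FAIL:" followed by each failed check.
check_defender() {
    problems=""
    [ -f "$2" ] || problems="$problems managed_prefs_missing"
    for key in healthy licensed; do
        val=$(health_field "$key" < "$1")
        [ "$val" = "true" ] || problems="$problems ${key}=${val:-absent}"
    done
    [ -n "$(health_field org_id < "$1")" ] || problems="$problems org_id=absent"
    if [ -z "$problems" ]; then echo "OK"; else echo "FAIL:$problems"; fi
}

# Constructed sample output (not captured from a real Mac): installed, not onboarded.
sample_health() {
    cat <<'EOF'
healthy                                     : false
licensed                                    : false
org_id                                      : ""
EOF
}

tmp=$(mktemp)
if command -v mdatp >/dev/null 2>&1; then
    mdatp health > "$tmp"      # real output on a Mac with Defender installed
else
    sample_health > "$tmp"     # fall back to the constructed sample elsewhere
fi
# <result> tags are how a Jamf Pro extension attribute script returns its value.
echo "<result>$(check_defender "$tmp" "$PLIST")</result>"
rm -f "$tmp"
```

A smart group on this attribute's value separates Macs that fail a local check from Macs that pass locally but still show gaps in the Defender portal.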

LK
New Contributor III

We are facing the same issue. All profiles (except for Bluetooth because it doesn't work) are properly deployed, mdatp health says it's healthy and the client also shows up in the Defender portal.

Did anyone find a solution to this yet?

mvu
Valued Contributor III

Got another dumb question for you guys ...

Is there nothing unique about the Microsoft Defender package you deploy? Is there a special onboarding configuration that you need to obtain from your tenant to enroll the Macs into your Defender tenant in the package you deploy?

I'm assuming this happens with the configuration profiles alongside the vanilla Defender package (thus you can use Installomator). But want to make sure.

Also, do you have to allocate a license in the Microsoft Defender tenant or create an extra Entra group for the macOS Defender users?

LK
New Contributor III

https://learn.microsoft.com/en-us/defender-endpoint/mac-jamfpro-policies

At the start of this page, there are instructions to download the onboarding package and create a config profile with it.

Defender is licensed per user.

mvu
Valued Contributor III

Got it, thanks sir.