Microsoft Defender

Musicmaker
New Contributor III

Hi folks,

I am testing Microsoft Defender on macOS.
For setting up the configuration profiles and policies I have been using this article:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=...
and
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/defender-endp...

Everything is working as expected. So now it's time to make some customizations.
In the Defender client I can see this in the section 'Exclusions':
Screenshot 2022-06-23 at 11.42.06.png

When setting up the configuration profile with the title 'MDATP MDAV configuration settings' I used the schema.json file from Defender's GitHub repository. 

Now I want to change the exclusions. Remove some from the example and add some new ones which are mentioned here: https://community.jamf.com/t5/jamf-pro/recommended-anti-virus-exclusions/m-p/42833

Can anyone explain how to accomplish this? Because in the json file I can't find the exclusions for PDF or /home.

As mentioned before, I chose to use the json file. I know that you can also use the legacy method by importing the com.microsoft.wdav.plist. In that way you can just edit the .plist file. Which, by the way, is still not as user friendly when adding/changing exclusions in EPO/McAfee.


daniel_behan
Contributor II

The documentation here explains the options https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-w...

It's basically Path, Extension or Process Name.

When you use the json file, you'll add each individual option with corresponding drop-down menus.

Take note, when choosing Path, to enable or disable the box stating whether the path leads to a file or a directory.
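The three exclusion types named in the reply, written as the entries they become under `antivirusEngine` > `exclusions` in the com.microsoft.wdav preference domain, with a check to run before uploading. This is an added example, not part of the original thread: the key names follow Microsoft's macOS preferences documentation, while the sample entries, the helper names and the depth threshold for "too broad" are assumptions.

```python
import plistlib

# Required keys per exclusion type (names from Microsoft's macOS preferences docs).
REQUIRED = {
    "excludedPath": ("path", "isDirectory"),
    "excludedFileExtension": ("extension",),
    "excludedFileName": ("name",),
}
# Assumption for this example: a directory exclusion shallower than this is too broad.
MIN_DIR_DEPTH = 2

def check_exclusion(entry):
    """Return a list of problems found in one exclusion dict."""
    kind = entry.get("$type")
    if kind not in REQUIRED:
        return [f"unknown $type: {kind!r}"]
    problems = [f"{kind} is missing '{key}'"
                for key in REQUIRED[kind] if key not in entry]
    if kind == "excludedPath" and "path" in entry:
        path = entry["path"]
        if not path.startswith("/"):
            problems.append(f"path is not absolute: {path}")
        depth = len([part for part in path.split("/") if part])
        # The file-or-directory box maps to isDirectory; a shallow directory
        # exclusion removes a large part of the disk from scanning.
        if entry.get("isDirectory") is True and depth < MIN_DIR_DEPTH:
            problems.append(f"directory exclusion is very broad: {path}")
    return problems

def build_payload(exclusions):
    """Serialize exclusions as an XML plist for the com.microsoft.wdav domain."""
    return plistlib.dumps({"antivirusEngine": {"exclusions": exclusions}})

# Constructed sample entries (not taken from the poster's profile).
SAMPLE = [
    {"$type": "excludedPath", "isDirectory": True, "path": "/home"},
    {"$type": "excludedFileExtension", "extension": "pdf"},
    {"$type": "excludedPath", "path": "/opt/example/cache"},  # box left unset
]

if __name__ == "__main__":
    for item in SAMPLE:
        print(item.get("$type"), check_exclusion(item) or "ok")
    print(build_payload(SAMPLE[:2]).decode())
```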