Thursday
Hi folks,
I am testing Microsoft Defender on macOS.
For setting up the configuration profiles and policies I have been using this article:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=...
and
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/defender-endp...
Everything is working as expected. So now it's time to make some customizations.
In the Defender client I can see this in the section 'Exclusions:
When setting up the configuration profile with the title 'MDATP MDAV configuration settings' I used the schema.json file from Defender's GitHub repository.
Now I want to change the exclusions. Remove some from the example and add some new ones which are mentioned here: https://community.jamf.com/t5/jamf-pro/recommended-anti-virus-exclusions/m-p/42833
Can anyone explain how to accomplish this? Because in the json file I can't find the exclusions for PDF or /home .
As mentioned before, I choosed to use the json file. I know that you can also use the legacy method by importing de com.microsoft.wdav.plist . In that way you can just edit the .plist file. Which, by the way, is still not as user friendly when adding/changing exclusions in EPO/McAfee.
Thursday
The documentation here explains the options https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-w...
It's basically Path, Extension or Process Name.
When you use the json file, you'll add each individual option with corresponding drop-down menus.
Take note of when choosing Path, to enable or disable the box stating if the path leads to a file or a directory.