MS Defender ATP app is not in Full Disk Access after in-place OS upgrade from Mojave to Big Sur

Question

We are using Microsoft Defender APT app for Mac in our environment. Starting with Catalina or newer, Microsoft created a new configuration profile for granting Defender ATP app the full disk access in Privacy Preference Policy Control (see their document https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide). This configuration profile works for Catalina or Big Sur.

Right now we are doing Mojave in-place OS upgrade to Big Sur. After the upgrade, the Mac loaded the full disk access configuration profile. However, "Microsoft Defender ATP.app" is not in Full Disk Access. it seems PPPC didn't enforce Defender ATP app into Full Disk Access after upgrading Mojave to Big Sur. The workaround is that we have to manually add Defender ATP app into Full Disk Access.

Did someone have such an experience during the OS upgrade from Mojave to Big Sur when using Microsoft Defender ATP?

Thanks

Dean

sdagley · Answer

@deanc Mojave doesn't know what to do with the PPPC Full Disk Access setting in a Configuration Profile so it's ignored when you deploy it to that version of macOS. Configurations Profiles aren't automatically re-applied when macOS is upgraded, so after upgrading to Big Sur the setting won't exit (as you've discovered). To work around this behavior create a copy of the Defender ATP Configuration Profile that is scoped to only Catalina and higher, then change the scoping of the old profile so that it's only Mojave or older. This way when macOS is updated from Mojave the Defender ATP profile will be re-applied.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded