Windows ATP for Mac - Autoupdate issue

jameson
Contributor II

I have distributed Windows ATP for Mac like described here

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf

It works fine, but the auto update of the ATP does not work. According to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-updates

And I run ./msupdate --install --apps wdav00 no updates are found - even I can see the all clients are not updated and have a "yellow" alert sign

Anyone know how to add ATP so it will work with MAU?

6 REPLIES 6

jbutler47
Contributor II

Follow this link, commands listed at end of article:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-resources

jbutler47
Contributor II

Try the command: ./msupdate --install -a wdav00

Seems to do the trick.

SaltyCornelius
New Contributor II

@jameson -

I know this is an OLD thread, but did you ever get it working?  I think I am in the same situation now.  The msupdate command just doesn't do anything, and I know the version of Defender is not the latest...

./msupdate --install --apps wdav00

Launch with elevated privileges
Detecting and downloading updates...
Cannot determine Update Assistant state.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
No result returned from Update Assistant

 

This seems to be the case across all endpoints I have tried.... It also doesn't appear in the MAU GUI.

jbutler47
Contributor II

Here's a small script I run to kickstarter Defender updates:

 

#!/bin/bash

CONSOLE=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

 

/usr/bin/sudo -u $CONSOLE /Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS/msupdate --install --apps wdav00


# Run Definition update check
/usr/local/bin/mdatp definitions update

 

exit

SaltyCornelius
New Contributor II

Just in case anyone finds it useful, I manged to get the autoupdater working by changing the config file to include 'Microsoft Defender.app' -- apaprently a previous name for it was Microsoft Defender ATP.app and that old config was knocking it out of Auto Update:

<key>/Applications/Microsoft Defender.app</key>
<dict>

<key>Application ID</key>
<string>WDAV00</string>

<key>LCID</key>
<integer>1033</integer>

</dict>

Just removed the old entry and added the above under the Applications key, in the existing plist generated by a Config Profile that was handling all the other apps.

 

Hi - that does seem as though it would be useful.  Where does that config file (plist ?) live?

Thanks

EDIT - Found it...

Library/Preferences/com.microsoft.autoupdate2.plist