Jamf Nation Community

jameson · ‎12-04-2019

I have distributed Windows ATP for Mac like described here

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf

It works fine, but the auto update of the ATP does not work. According to https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-updates

And I run ./msupdate --install --apps wdav00 no updates are found - even I can see the all clients are not updated and have a "yellow" alert sign

Anyone know how to add ATP so it will work with MAU?

jbutler47 · ‎12-05-2019

Follow this link, commands listed at end of article:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-resources

jbutler47 · ‎12-05-2019

Try the command: ./msupdate --install -a wdav00

Seems to do the trick.

SaltyCornelius · ‎09-29-2022

@jameson -

I know this is an OLD thread, but did you ever get it working? I think I am in the same situation now. The msupdate command just doesn't do anything, and I know the version of Defender is not the latest...

./msupdate --install --apps wdav00

Launch with elevated privileges
Detecting and downloading updates...
Cannot determine Update Assistant state.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
Update Assistant is available.
No result returned from Update Assistant

This seems to be the case across all endpoints I have tried.... It also doesn't appear in the MAU GUI.

jbutler47 · ‎09-29-2022

Here's a small script I run to kickstarter Defender updates:

#!/bin/bash

CONSOLE=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

/usr/bin/sudo -u $CONSOLE /Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS/msupdate --install --apps wdav00

# Run Definition update check
/usr/local/bin/mdatp definitions update

exit

SaltyCornelius · ‎03-27-2023

Just in case anyone finds it useful, I manged to get the autoupdater working by changing the config file to include 'Microsoft Defender.app' -- apaprently a previous name for it was Microsoft Defender ATP.app and that old config was knocking it out of Auto Update:

<key>/Applications/Microsoft Defender.app</key>
<dict>

<key>Application ID</key>
<string>WDAV00</string>

</dict>

Just removed the old entry and added the above under the Applications key, in the existing plist generated by a Config Profile that was handling all the other apps.

Stuart_P · ‎03-29-2023

Hi - that does seem as though it would be useful. Where does that config file (plist ?) live?

Thanks

EDIT - Found it...

Library/Preferences/com.microsoft.autoupdate2.plist

Jamf Nation Community

Windows ATP for Mac - Autoupdate issue