Windows Defender ATP for Mac

rkulefsky
New Contributor

I'm looking for anyone with experience in Defender ATP for Mac. We successfully deployed Defender to our Mac users via JAMF. In our online portal, we can see Defender identify different types of threats, but we're not able to take action to remediate. The "Action Center" is greyed out. Not sure if there are links between ATP and JAMF, but would love to discuss.

6 REPLIES

jefff
Contributor II

Most of the configuration of MDATP is done through configuration profiles that you can deliver with Jamf. Nothing is controlled in the Security Center.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-prefe...

You can also activate some aspects of Defender through Terminal commands.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-resou...

We're still rolling it out, so we've never used Defender to remediate anything significant. I'm not sure what the limits of its capability are for remediation. The #microsoft-defender channel on the MacAdmins Slack is the best resource I've found for questions about MDATP. The lead engineer for MDATP checks in there regularly and responds to questions.

pramodmac
New Contributor III

Hello All,
I have configured the policy for MDATP and the configuration profiles (steps here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies ) and scoped them to all our labs. However, the configuration profiles (DEFENDER - NETWORK FILTER, MDATP, MDATP MDAV - GRANT FULL DISK ACCESS TO EDR AND AV, and 5 other config profiles) have been in a "pending" state in a few of the labs for days now. Computers are regularly checking in, but the STATUS shows pending, and it does not even give any error logs to flush and re-run. All the machines are running Mojave OS. Any help is appreciated.

gabester
Contributor III

I have to say that MS documentation seems like it was written by someone who has never even completed a Jamf 100 training; it's about 10 times longer than it really needs to be. It begs the question: why not just include some downloadable config profiles to import rather than tell people to do all that manual work?

It certainly doesn't seem like there's good reason for so many granular config profiles, but every environment works differently!

@pramodmac Is APNS working properly in your lab? The lack of logging from config profiles vs policies is one of many things that gives me pause managing Macs going forward since this is Apple's chosen direction. Try sending a blank push to a pending device?

bcbackes
Contributor III

@gabester check out this: Defender Config Profiles

I came across that, I think, on the MacAdmins Slack channel for Defender. Unfortunately, I had manually created all the config profiles. Then I eventually came across a couple of schemas that would work better for managing the MDAV Configuration Settings and the MDAV MAU settings configuration profiles.

petestanley
New Contributor III

100% with @gabester, MS documentation on Defender for Mac is appalling. Barely follows best practices, links to content that isn't applicable for centralized rollouts, and poorly formatted.

markdmatthews
Contributor

Be on the lookout IF you scope anything for Microsoft Defender ATP - Installed... starting with version 101.56.35 the name is now Microsoft Defender.app

So use like or add both Application Title > is > Microsoft Defender ATP.app OR Application Title > is > Microsoft Defender.app
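An added example, not part of the thread and not Jamf's or Microsoft's code: a Jamf Pro extension attribute script that reports Defender under either of the two bundle names given in the last reply, so a smart group can be scoped on one attribute across the rename. It assumes the app is installed in /Applications; the function names are hypothetical.

```shell
#!/bin/sh
# Jamf Pro extension attribute (added example): report the Defender app bundle
# under either its old or its new name, so scoping survives the rename.

# Bundle names quoted in the thread; the new name applies from 101.56.35 on.
OLD_NAME="Microsoft Defender ATP.app"
NEW_NAME="Microsoft Defender.app"

# Print the bundle name found in the given directory (default /Applications).
# The new name wins if both exist; prints nothing and returns 1 if neither does.
defender_bundle() {
    apps_dir="${1:-/Applications}"
    for name in "$NEW_NAME" "$OLD_NAME"; do
        if [ -d "$apps_dir/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Print CFBundleShortVersionString for a bundle path, or "unknown" when the
# macOS `defaults` tool or the bundle's Info.plist is unavailable.
defender_version() {
    plist="$1/Contents/Info"
    if command -v defaults >/dev/null 2>&1 && [ -f "$plist.plist" ]; then
        defaults read "$plist" CFBundleShortVersionString 2>/dev/null && return 0
    fi
    printf 'unknown\n'
}

# Build the single-line value Jamf stores for the extension attribute.
defender_ea_result() {
    apps_dir="${1:-/Applications}"
    if name=$(defender_bundle "$apps_dir"); then
        printf '<result>%s (%s)</result>\n' "$name" "$(defender_version "$apps_dir/$name")"
    else
        printf '<result>Not Installed</result>\n'
    fi
}

defender_ea_result "$@"
```

A smart group criterion of "like Microsoft Defender" on this attribute then matches both bundle names, and "Not Installed" flags machines where the deployment never landed.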