Installing & setting up Microsoft Defender breaks OneDrive

abailey1
New Contributor II

Hi, I am facing an issue where I have followed Microsoft instructions here:

 

https://learn.microsoft.com/en-us/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide

 

to get Defender running on our Macs. However, it breaks OneDrive, throwing the error "OneDrive Files On-Demand didn't start. Please restart your computer and try again."

 

I have done some digging and I'm pretty sure the issue is the MDATP MDAV System Extensions configuration policy.

 

This is set to only allow system extensions you add to the list; the document tells you to add the below:

  • com.microsoft.wdav.epsext
  • com.microsoft.wdav.netext

Then OneDrive breaks, so I'm pretty sure I just need a specific system extension to add for OneDrive, but I can't get this information from Jamf support or Microsoft.

5 REPLIES

elsmith
Contributor II

We have MDE on all our Macs and haven't seen any issues with OneDrive. We do have a OneDrive configuration profile, but it has nothing about the OneDrive system extension - it's just got things like "OpenAtLogin" or "FilesOnDemandEnabled" and also allows us to block Personal OneDrive use with "DisablePersonalSync" and "AllowTennantList" settings.

We split the MDE profiles into several profiles since we're asked to change settings every so often, but the System Extension profile is only one of those... and this is what it looks like:

[Image: Screenshot 2024-04-30 at 6.29.21 AM.png]

If I may ask, how did you narrow it down to being a problem with that particular profile?

abailey1
New Contributor II

Hi, 

Thank you so much for your response. I got it down to that profile as someone mentioned it in this thread: https://community.jamf.com/t5/jamf-pro/onedrive-not-singing-in-on-mac/m-p/314488#M271804

so to test it, I turned that profile off and then OneDrive worked as expected.

 

Could you provide some more info on the OneDrive specific config profiles please? We don't currently have any but have OneDrive working without Defender being installed.

Of course! The config information for that profile is here: https://learn.microsoft.com/en-us/sharepoint/deploy-and-configure-on-macos

Our profile is below (the red bar is where you put your tenant ID):

[Image: OneDrive plist.png]

One other note - we do not let users install the AppStore version of OneDrive - we push it out as part of the O365 suite and get our installer(s) directly from Microsoft. I do not know how the AppStore install reacts with these settings.

abailey1
New Contributor II

Thanks for the info, we have OneDrive deployed via the AppStore as Jamf requested I do this during troubleshooting steps.

I believe we have found the issue. In the MDATP MDAV System Extensions config policy, I had entered the information in the "extensions" tab as well as the "system Extensions" tab. This was picked up by another team member; I think I had been looking so long I was blind to it. We removed the settings on that tab and it has worked.

 

I'm going to begin testing on more devices now.

I'm so glad you found it! I completely understand - another set of eyes is sometimes all you need 😀

Good luck!
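Added example, not posted by anyone in this thread and not Microsoft's or Jamf's code: a small audit of an exported, unsigned .mobileconfig that checks the system extension allowlist against the two identifiers named above and flags any other payload in the same profile, which is the kind of stray setting that turned out to be the cause here. The team identifier, the extra payload type and the sample profiles are constructed placeholders; the profile is assumed to use Apple's `com.apple.system-extension-policy` payload with its `AllowedSystemExtensions` key.

```python
import plistlib

# Apple's payload type for the system extension allowlist.
SYSEXT_TYPE = "com.apple.system-extension-policy"
# The two identifiers the thread says the Microsoft document lists.
EXPECTED = {"com.microsoft.wdav.epsext", "com.microsoft.wdav.netext"}
TEAM_ID = "TEAMID_PLACEHOLDER"  # placeholder, not a real team identifier


def audit_profile(data, expected=frozenset(EXPECTED)):
    """Return a list of findings for an exported .mobileconfig (bytes)."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    findings = []
    policies = [p for p in payloads if p.get("PayloadType") == SYSEXT_TYPE]
    if not policies:
        findings.append("no system extension policy payload")
    for p in policies:
        allowed = {i for ids in p.get("AllowedSystemExtensions", {}).values()
                   for i in ids}
        for ident in sorted(expected - allowed):
            findings.append(f"missing from allowlist: {ident}")
        for ident in sorted(allowed - expected):
            findings.append(f"not in expected list: {ident}")
    # Anything else in the same profile is a setting from another tab.
    for p in payloads:
        if p.get("PayloadType") != SYSEXT_TYPE:
            findings.append(f"extra payload type: {p.get('PayloadType')}")
    return findings


def build_sample(extra_payload=False, ids=EXPECTED):
    """Constructed sample profile; not exported from a real Jamf server."""
    content = [{"PayloadType": SYSEXT_TYPE,
                "AllowedSystemExtensions": {TEAM_ID: sorted(ids)}}]
    if extra_payload:
        # Hypothetical payload type standing in for a second configured tab.
        content.append({"PayloadType": "com.example.other-payload"})
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": content})


if __name__ == "__main__":
    for name, blob in [("clean", build_sample()),
                       ("mixed", build_sample(extra_payload=True))]:
        print(name, audit_profile(blob))
```

A signed profile has to be unwrapped to its plain plist before this parser can read it.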