Microsoft Defender ATP for Mac currently includes preventive antivirus capabilities and reporting via Microsoft Defender Security Center. With the new EDR capabilities, Microsoft Defender ATP customers will be able to detect advanced attacks that involve macOS devices, use rich investigation experiences, and quickly remediate threats.
Announcing Microsoft Defender ATP for Mac. Update: Microsoft Defender ATP for Mac is generally available as of June 28, 2019. Today, we're announcing our advances in cross-platform next-generation protection and endpoint detection and response coverage with a new Microsoft solution for Mac.
Important
Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
Important
In preparation for macOS 11 Big Sur, we are getting ready to release an update to Microsoft Defender ATP for Mac that will use the new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting with macOS 11 Big Sur. Therefore, an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices before these devices are moved to macOS 11.
The update is applicable to devices running macOS version 10.15.4 or later.
To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
Timing:
- Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center must be ready for the Microsoft Defender ATP for Mac agent update by August 10, 2020.
- Organizations that do not participate in public previews for Microsoft Defender ATP features must be ready by September 07, 2020.
Action is needed by the IT administrator. Review the steps below and assess the impact on your organization:
- Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version.
  Even though the new system-extension-based implementation of Microsoft Defender ATP for Mac is only applicable to devices running macOS version 10.15.4 or later, deploying the configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur, and that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless of the OS version they were running prior to the Big Sur upgrade.
- Refer to this documentation for detailed configuration information and instructions: New configuration profiles for macOS Catalina and newer versions of macOS.
- Monitor this page for an announcement of the actual release of the MDATP for Mac agent update.
101.09.61
- Added a new managed preference for disabling the option to send feedback
- Status menu icon now shows a healthy state when the product settings are managed. Previously, the status menu icon was displaying a warning or error state, even though the product settings were managed by the administrator
- Performance improvements & bug fixes
101.09.50
- This product version has been validated on macOS Big Sur 11 beta 9
Important
Extensive testing of MDE (Microsoft Defender for Endpoint) with new macOS system extensions revealed an intermittent issue that impacts macOS devices with specific graphics card models. In rare cases on impacted macOS devices, calls into macOS system extensions were seen to result in a kernel panic. Microsoft is actively working with Apple engineering to clarify the profile of impacted devices and to address this macOS issue.
- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see Resources for Microsoft Defender ATP for Mac
Note
The old command-line tool syntax will be removed from the product on January 1st, 2021.
- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory
- Performance improvements & bug fixes
101.09.49
- User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user
- Improved CPU utilization during on-demand scans
- Performance improvements & bug fixes
101.07.23
- Added new fields to the output of `mdatp --health` for checking the status of passive mode and the EDR group ID
Note
`mdatp --health` will be replaced with `mdatp health` in a future product update.
- Fixed a bug where automatic sample submission was not marked as managed in the user interface
- Added new settings for controlling the retention of items in the antivirus scan history. You can now specify the number of days to retain items in the scan history and specify the maximum number of items in the scan history
- Bug fixes
101.06.63
- Addressed a performance regression introduced in version `101.05.17`. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics.
101.05.17
Important
We are working on a new and enhanced syntax for the `mdatp` command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to familiarize yourself with this new syntax.
We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
- Performance improvements & bug fixes
101.05.16
- Improvements to quick scan logic to significantly reduce the number of scanned files
- Added autocompletion support for the command-line tool
- Bug fixes
101.03.12
- Performance improvements & bug fixes
101.01.54
- Improvements around compatibility with Time Machine
- Accessibility improvements
- Performance improvements & bug fixes
101.00.31
- Improved product onboarding experience for Intune users
- Antivirus exclusions now support wildcards
- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select Scan with Microsoft Defender ATP
- In-place product downgrades are now explicitly disallowed by the installer. If you need to downgrade, first uninstall the existing version and reconfigure your device
- Other performance improvements & bug fixes
100.90.27
- You can now set an update channel for Microsoft Defender ATP for Mac that is different from the system-wide update channel
- New product icon
- Other user experience improvements
- Bug fixes
100.86.92
- Improvements around compatibility with Time Machine
- Addressed an issue where the product was sometimes not cleaning all files under `/Library/Application Support/Microsoft/Defender` during uninstallation
- Reduced the CPU utilization of the product when Microsoft products are updated through Microsoft AutoUpdate
- Other performance improvements & bug fixes
100.86.91
Caution
To ensure the most complete protection for your macOS devices and in alignment with Apple stopping delivery of macOS native security updates to OS versions older than [current – 2], MDATP for Mac deployment and updates will no longer be supported on macOS Sierra [10.12]. MDATP for Mac updates and enhancements will be delivered to devices running versions Catalina [10.15], Mojave [10.14], and High Sierra [10.13].
If you already have MDATP for Mac deployed to your Sierra [10.12] devices, please upgrade to the latest macOS version to eliminate risks of losing protection.
- Performance improvements & bug fixes
100.83.73
- Added more controls for IT administrators around management of exclusions, management of threat type settings, and disallowed threat actions
- When Full Disk Access is not enabled on the device, a warning is now displayed in the status menu
- Performance improvements & bug fixes
100.82.60
- Addressed an issue where the product fails to start following a definition update.
100.80.42
- Bug fixes
100.79.42
- Fixed an issue where Microsoft Defender ATP for Mac was sometimes interfering with Time Machine
- Added a new switch to the command-line utility for testing the connectivity with the backend service
- Added ability to view the full threat history in the user interface (can be accessed from the Protection history view)
- Performance improvements & bug fixes
100.72.15
- Bug fixes
100.70.99
- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender ATP locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
100.68.99
- Added the ability to configure the antivirus functionality to run in passive mode
- Performance improvements & bug fixes
100.65.28
- Added support for macOS Catalina
Caution
macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device.
The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP:
  - For manual deployments, see the updated instructions in the Manual deployment topic.
  - For managed deployments, see the updated instructions in the JAMF-based deployment and Microsoft Intune-based deployment topics.
- Performance improvements & bug fixes
This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
Caution
Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in Passive mode.
What’s new in the latest release
Tip
If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback.
To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an 'Insider' device. See Enable Microsoft Defender ATP Insider Device.
How to install Microsoft Defender ATP for Mac
Prerequisites
- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
- Beginner-level experience in macOS and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
Installation instructions
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
- Third-party management tools:
- Command-line tool:
System requirements
The three most recent major releases of macOS are supported.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 1GB
Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
Licensing requirements
Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:
- Microsoft 365 E5 (M365 E5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
Note
Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require the Microsoft Volume Licensing offers listed.
Network connections
The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
Item | Description |
---|---|
Spreadsheet | The spreadsheet provides specific DNS records for service locations, geographic locations, and OS. |
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC)
- Web Proxy Autodiscovery Protocol (WPAD)
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted to the previously listed URLs.
Warning
Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.
If you prefer the command line, you can also check the connection by running the following command in Terminal:
The output from this command should be similar to the following:
OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping
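One way to script the check described above, as an added example that is not Microsoft's tooling and not part of the original page. It assumes each URL answers with the body `OK`, as in the sample output; the curl options, the function names and the `diagnose` labels are assumptions chosen here.

```shell
#!/usr/bin/env bash
# Added example. Assumes each service URL answers with the body "OK", giving
# lines of the form "OK <url>" as in the sample output on this page.
ENDPOINTS="https://x.cp.wd.microsoft.com/api/report
https://cdn.x.cp.wd.microsoft.com/ping"

# Fetch one URL through the system's normal proxy path; print "<body> <url>".
probe() {
  curl --silent --show-error --max-time 15 -w ' %{url_effective}\n' "$1" 2>&1
}

# Read probe output on stdin and print every endpoint that lacks an exact
# "OK <url>" line. Exit status is 0 only when nothing is blocked.
blocked_endpoints() (
  report=$(cat)
  missing=""
  for url in $ENDPOINTS; do
    printf '%s\n' "$report" | grep -qxF "OK $url" || missing="$missing$url
"
  done
  printf '%s' "$missing"
  [ -z "$missing" ]
)

# Map one line of probe output to the unsupported setups the page warns about.
# The curl error texts matched here are typical, not exhaustive.
diagnose() {
  case "$1" in
    "OK "*)                 echo "ok" ;;
    " http"*)               echo "no-ok-body" ;;
    *"(60)"*|*certificate*) echo "tls-inspection-or-untrusted-ca" ;;
    *407*)                  echo "authenticated-proxy" ;;
    *)                      echo "blocked-or-filtered" ;;
  esac
}

# Run the live check only when asked: ./check.sh --run
if [ "${1:-}" = "--run" ]; then
  report=$(for url in $ENDPOINTS; do probe "$url"; done)
  printf '%s\n' "$report" | while IFS= read -r line; do
    printf '%-32s %s\n' "$(diagnose "$line")" "$line"
  done
  printf '%s\n' "$report" | blocked_endpoints >/dev/null || exit 1
fi
```

A non-zero exit from `--run` means at least one endpoint did not return `OK`; the labelled lines point to the proxy or inspection setting to review.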
Caution
We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
How to update Microsoft Defender ATP for Mac
Microsoft regularly publishes software updates to improve performance and security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender ATP for Mac.
How to configure Microsoft Defender ATP for Mac
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Mac.
macOS kernel and system extensions
In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit What's new in Microsoft Defender Advanced Threat Protection for Mac for relevant details.
Resources
- For more information about logging, uninstalling, or other topics, see the Resources page.