0
(0)

 Important

This article contains instructions for how to set preferences for Microsoft Defender for Endpoint on macOS in enterprise organizations. To configure Microsoft Defender for Endpoint on macOS using the command-line interface, see Resources.

Summary

In enterprise organizations, Microsoft Defender for Endpoint on macOS can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.

This article describes the structure of the configuration profile, includes a recommended profile that you can use to get started, and provides instructions on how to deploy the profile.

Configuration profile structure

The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences.

 Caution

The layout of the configuration profile depends on the management console that you are using. The following sections contain examples of configuration profiles for JAMF and Intune.

The top level of the configuration profile includes product-wide preferences and entries for subareas of Microsoft Defender for Endpoint, which are explained in more detail in the next sections.

Antivirus engine preferences

The antivirusEngine section of the configuration profile is used to manage the preferences of the antivirus component of Microsoft Defender for Endpoint.


ANTIVIRUS ENGINE PREFERENCES
Section Value
Domain com.microsoft.wdav
Key antivirusEngine
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.

Enable / disable real-time protection

Specify whether to enable real-time protection, which scans files as they are accessed.


ENABLE / DISABLE REAL-TIME PROTECTION
Section Value
Domain com.microsoft.wdav
Key enableRealTimeProtection
Data type Boolean
Possible values true (default)false

Enable / disable passive mode

Specify whether the antivirus engine runs in passive mode. Passive mode has the following implications:

  • Real-time protection is turned off
  • On-demand scanning is turned on
  • Automatic threat remediation is turned off
  • Security intelligence updates are turned on
  • Status menu icon is hidden

ENABLE / DISABLE PASSIVE MODE
Section Value
Domain com.microsoft.wdav
Key passiveMode
Data type Boolean
Possible values false (default)true
Comments Available in Microsoft Defender for Endpoint version 100.67.60 or higher.

Run a scan after definitions are updated

Specifies whether to start a process scan after new security intelligence updates are downloaded on the device. Enabling this setting will trigger an antivirus scan on the running processes of the device.


RUN A SCAN AFTER DEFINITIONS ARE UPDATED
Section Value
Domain com.microsoft.wdav
Key scanAfterDefinitionUpdate
Data type Boolean
Possible values true (default)false
Comments Available in Microsoft Defender for Endpoint version 101.41.10 or higher.

Scan archives (on-demand antivirus scans only)

Specifies whether to scan archives during on-demand antivirus scans.


SCAN ARCHIVES (ON-DEMAND ANTIVIRUS SCANS ONLY)
Section Value
Domain com.microsoft.wdav
Key scanArchives
Data type Boolean
Possible values true (default)false
Comments Available in Microsoft Defender for Endpoint version 101.41.10 or higher.

Degree of parallelism for on-demand scans

Specifies the degree of parallelism for on-demand scans. This corresponds to the number of threads used to perform the scan and impacts the CPU usage, as well as the duration of the on-demand scan.


DEGREE OF PARALLELISM FOR ON-DEMAND SCANS
Section Value
Domain com.microsoft.wdav
Key maximumOnDemandScanThreads
Data type Integer
Possible values 2 (default). Allowed values are integers between 1 and 64.
Comments Available in Microsoft Defender for Endpoint version 101.41.10 or higher.

Exclusion merge policy

Specify the merge policy for exclusions. This can be a combination of administrator-defined and user-defined exclusions (merge), or only administrator-defined exclusions (admin_only). This setting can be used to restrict local users from defining their own exclusions.


EXCLUSION MERGE POLICY
Section Value
Domain com.microsoft.wdav
Key exclusionsMergePolicy
Data type String
Possible values merge (default)admin_only
Comments Available in Microsoft Defender for Endpoint version 100.83.73 or higher.

Scan exclusions

Specify entities excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names. (Exclusions are specified as an array of items, administrator can specify as many elements as necessary, in any order.)


SCAN EXCLUSIONS
Section Value
Domain com.microsoft.wdav
Key exclusions
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.
Type of exclusion

Specify content excluded from being scanned by type.


TYPE OF EXCLUSION
Section Value
Domain com.microsoft.wdav
Key $type
Data type String
Possible values excludedPathexcludedFileExtension

excludedFileName

Path to excluded content

Specify content excluded from being scanned by full file path.


PATH TO EXCLUDED CONTENT
Section Value
Domain com.microsoft.wdav
Key path
Data type String
Possible values valid paths
Comments Applicable only if $type is excludedPath

Supported exclusion types

The follow table shows the exclusion types supported by Defender for Endpoint on Mac.


SUPPORTED EXCLUSION TYPES
Exclusion Definition Examples
File extension All files with the extension, anywhere on the device .test
File A specific file identified by the full path /var/log/test.log/var/log/*.log

/var/log/install.?.log

Folder All files under the specified folder (recursively) /var/log//var/*/
Process A specific process (specified either by the full path or file name) and all files opened by it /bin/catcat

c?t

 Important

The paths above must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running file <path-name>.

File, folder, and process exclusions support the following wildcards:


TABLE 12
Wildcard Description Example Matches Does not match
* Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) /var/\*/\*.log /var/log/system.log /var/log/nested/system.log
? Matches any single character file?.log file1.logfile2.log file123.log

Path type (file / directory)

Indicate if the path property refers to a file or directory.


PATH TYPE (FILE / DIRECTORY)
Section Value
Domain com.microsoft.wdav
Key isDirectory
Data type Boolean
Possible values false (default)true
Comments Applicable only if $type is excludedPath

File extension excluded from the scan

Specify content excluded from being scanned by file extension.


FILE EXTENSION EXCLUDED FROM THE SCAN
Section Value
Domain com.microsoft.wdav
Key extension
Data type String
Possible values valid file extensions
Comments Applicable only if $type is excludedFileExtension

Process excluded from the scan

Specify a process for which all file activity is excluded from scanning. The process can be specified either by its name (for example, cat) or full path (for example, /bin/cat).


PROCESS EXCLUDED FROM THE SCAN
Section Value
Domain com.microsoft.wdav
Key name
Data type String
Possible values any string
Comments Applicable only if $type is excludedFileName

Allowed threats

Specify threats by name that are not blocked by Defender for Endpoint on Mac. These threats will be allowed to run.


ALLOWED THREATS
Section Value
Domain com.microsoft.wdav
Key allowedThreats
Data type Array of strings

Disallowed threat actions

Restricts the actions that the local user of a device can take when threats are detected. The actions included in this list are not displayed in the user interface.


DISALLOWED THREAT ACTIONS
Section Value
Domain com.microsoft.wdav
Key disallowedThreatActions
Data type Array of strings
Possible values allow (restricts users from allowing threats)restore (restricts users from restoring threats from the quarantine)
Comments Available in Microsoft Defender for Endpoint version 100.83.73 or higher.

Threat type settings

Specify how certain threat types are handled by Microsoft Defender for Endpoint on macOS.


THREAT TYPE SETTINGS
Section Value
Domain com.microsoft.wdav
Key threatTypeSettings
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.
Threat type

Specify threat types.


THREAT TYPE
Section Value
Domain com.microsoft.wdav
Key key
Data type String
Possible values potentially_unwanted_applicationarchive_bomb
Action to take

Specify what action to take when a threat of the type specified in the preceding section is detected. Choose from the following options:

  • Audit: your device is not protected against this type of threat, but an entry about the threat is logged.
  • Block: your device is protected against this type of threat and you are notified in the user interface and the security console.
  • Off: your device is not protected against this type of threat and nothing is logged.

ACTION TO TAKE
Section Value
Domain com.microsoft.wdav
Key value
Data type String
Possible values audit (default)block

off

Threat type settings merge policy

Specify the merge policy for threat type settings. This can be a combination of administrator-defined and user-defined settings (merge) or only administrator-defined settings (admin_only). This setting can be used to restrict local users from defining their own settings for different threat types.


Section Value
Domain com.microsoft.wdav
Key threatTypeSettingsMergePolicy
Data type String
Possible values merge (default)admin_only
Comments Available in Microsoft Defender for Endpoint version 100.83.73 or higher.

Antivirus scan history retention (in days)

Specify the number of days that results are retained in the scan history on the device. Old scan results are removed from the history. Old quarantined files that are also removed from the disk.


Section Value
Domain com.microsoft.wdav
Key scanResultsRetentionDays
Data type String
Possible values 90 (default). Allowed values are from 1 day to 180 days.
Comments Available in Microsoft Defender for Endpoint version 101.07.23 or higher.

Maximum number of items in the antivirus scan history

Specify the maximum number of entries to keep in the scan history. Entries include all on-demand scans performed in the past and all antivirus detections.


Section Value
Domain com.microsoft.wdav
Key scanHistoryMaximumItems
Data type String
Possible values 10000 (default). Allowed values are from 5000 items to 15000 items.
Comments Available in Microsoft Defender for Endpoint version 101.07.23 or higher.

Cloud-delivered protection preferences

Configure the cloud-driven protection features of Microsoft Defender for Endpoint on macOS.


Section Value
Domain com.microsoft.wdav
Key cloudService
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.

Enable / disable cloud-delivered protection

Specify whether to enable cloud-delivered protection the device or not. To improve the security of your services, we recommend keeping this feature turned on.


Section Value
Domain com.microsoft.wdav
Key enabled
Data type Boolean
Possible values true (default)false

Diagnostic collection level

Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Microsoft Defender for Endpoint to Microsoft.


Section Value
Domain com.microsoft.wdav
Key diagnosticLevel
Data type String
Possible values optional (default)required

Enable / disable automatic sample submissions

Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information.


Section Value
Domain com.microsoft.wdav
Key automaticSampleSubmission
Data type Boolean
Possible values true (default)false

Enable / disable automatic security intelligence updates

Determines whether security intelligence updates are installed automatically:


Section Value
Key automaticDefinitionUpdateEnabled
Data type Boolean
Possible values true (default)false

User interface preferences

Manage the preferences for the user interface of Microsoft Defender for Endpoint on macOS.


Section Value
Domain com.microsoft.wdav
Key userInterface
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.

Show / hide status menu icon

Specify whether to show or hide the status menu icon in the top-right corner of the screen.


Section Value
Domain com.microsoft.wdav
Key hideStatusMenuIcon
Data type Boolean
Possible values false (default)true

Show / hide option to send feedback

Specify whether users can submit feedback to Microsoft by going to Help > Send Feedback.


Section Value
Domain com.microsoft.wdav
Key userInitiatedFeedback
Data type String
Possible values enabled (default)disabled
Comments Available in Microsoft Defender for Endpoint version 101.19.61 or higher.

Endpoint detection and response preferences

Manage the preferences of the endpoint detection and response (EDR) component of Microsoft Defender for Endpoint on macOS.


Section Value
Domain com.microsoft.wdav
Key edr
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.

Device tags

Specify a tag name and its value.

  • The GROUP tag, tags the device with the specified value. The tag is reflected in the portal under the device page and can be used for filtering and grouping devices.

Section Value
Domain com.microsoft.wdav
Key tags
Data type Dictionary (nested preference)
Comments See the following sections for a description of the dictionary contents.
Type of tag

Specifies the type of tag


Section Value
Domain com.microsoft.wdav
Key key
Data type String
Possible values GROUP
Value of tag

Specifies the value of tag


Section Value
Domain com.microsoft.wdav
Key value
Data type String
Possible values any string

 Important

  • Only one value per tag type can be set.
  • Type of tags are unique, and should not be repeated in the same configuration profile.

To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Microsoft Defender for Endpoint provides.

The following configuration profile (or, in case of JAMF, a property list that could be uploaded into the custom settings configuration profile) will:

  • Enable real-time protection (RTP)
  • Specify how the following threat types are handled:
    • Potentially unwanted applications (PUA) are blocked
    • Archive bombs (file with a high compression rate) are audited to Microsoft Defender for Endpoint logs
  • Enable automatic security intelligence updates
  • Enable cloud-delivered protection
  • Enable automatic sample submission
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>antivirusEngine</key>
    <dict>
        <key>enableRealTimeProtection</key>
        <true/>
        <key>threatTypeSettings</key>
        <array>
            <dict>
                <key>key</key>
                <string>potentially_unwanted_application</string>
                <key>value</key>
                <string>block</string>
            </dict>
            <dict>
                <key>key</key>
                <string>archive_bomb</string>
                <key>value</key>
                <string>audit</string>
            </dict>
        </array>
    </dict>
    <key>cloudService</key>
    <dict>
        <key>enabled</key>
        <true/>
        <key>automaticSampleSubmission</key>
        <true/>
        <key>automaticDefinitionUpdateEnabled</key>
        <true/>
    </dict>
</dict>
</plist>
XML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
    <dict>
        <key>PayloadUUID</key>
        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadOrganization</key>
        <string>Microsoft</string>
        <key>PayloadIdentifier</key>
        <string>com.microsoft.wdav</string>
        <key>PayloadDisplayName</key>
        <string>Microsoft Defender for Endpoint settings</string>
        <key>PayloadDescription</key>
        <string>Microsoft Defender for Endpoint configuration settings</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadUUID</key>
                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
                <key>PayloadType</key>
                <string>com.microsoft.wdav</string>
                <key>PayloadOrganization</key>
                <string>Microsoft</string>
                <key>PayloadIdentifier</key>
                <string>com.microsoft.wdav</string>
                <key>PayloadDisplayName</key>
                <string>Microsoft Defender for Endpoint configuration settings</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>antivirusEngine</key>
                <dict>
                    <key>enableRealTimeProtection</key>
                    <true/>
                    <key>passiveMode</key>
                    <false/>
                    <key>threatTypeSettings</key>
                    <array>
                        <dict>
                            <key>key</key>
                            <string>potentially_unwanted_application</string>
                            <key>value</key>
                            <string>block</string>
                        </dict>
                        <dict>
                            <key>key</key>
                            <string>archive_bomb</string>
                            <key>value</key>
                            <string>audit</string>
                        </dict>
                    </array>
                </dict>
                <key>cloudService</key>
                <dict>
                    <key>enabled</key>
                    <true/>
                    <key>automaticSampleSubmission</key>
                    <true/>
                    <key>automaticDefinitionUpdateEnabled</key>
                    <true/>
                </dict>
            </dict>
        </array>
    </dict>
</plist>

Full configuration profile example

The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender for Endpoint on macOS.

Property list for JAMF full configuration profile

XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>antivirusEngine</key>
    <dict>
        <key>enableRealTimeProtection</key>
        <true/>
        <key>passiveMode</key>
        <false/>
        <key>scanAfterDefinitionUpdate</key>
        <true/>
        <key>scanArchives</key>
        <true/>
        <key>maximumOnDemandScanThreads</key>
        <integer>2</integer>
        <key>exclusions</key>
        <array>
            <dict>
                <key>$type</key>
                <string>excludedPath</string>
                <key>isDirectory</key>
                <false/>
                <key>path</key>
                <string>/var/log/system.log</string>
            </dict>
            <dict>
                <key>$type</key>
                <string>excludedPath</string>
                <key>isDirectory</key>
                <true/>
                <key>path</key>
                <string>/home</string>
            </dict>
            <dict>
                <key>$type</key>
                <string>excludedPath</string>
                <key>isDirectory</key>
                <true/>
                <key>path</key>
                <string>/Users/*/git</string>
            </dict>
            <dict>
                <key>$type</key>
                <string>excludedFileExtension</string>
                <key>extension</key>
                <string>pdf</string>
            </dict>
            <dict>
                <key>$type</key>
                <string>excludedFileName</string>
                <key>name</key>
                <string>cat</string>
            </dict>
        </array>
        <key>exclusionsMergePolicy</key>
        <string>merge</string>
        <key>allowedThreats</key>
        <array>
            <string>EICAR-Test-File (not a virus)</string>
        </array>
        <key>disallowedThreatActions</key>
        <array>
            <string>allow</string>
            <string>restore</string>
        </array>
        <key>threatTypeSettings</key>
        <array>
            <dict>
                <key>key</key>
                <string>potentially_unwanted_application</string>
                <key>value</key>
                <string>block</string>
            </dict>
            <dict>
                <key>key</key>
                <string>archive_bomb</string>
                <key>value</key>
                <string>audit</string>
            </dict>
        </array>
        <key>threatTypeSettingsMergePolicy</key>
        <string>merge</string>
    </dict>
    <key>cloudService</key>
    <dict>
        <key>enabled</key>
        <true/>
        <key>diagnosticLevel</key>
        <string>optional</string>
        <key>automaticSampleSubmission</key>
        <true/>
        <key>automaticDefinitionUpdateEnabled</key>
        <true/>
    </dict>
    <key>edr</key>
    <dict>
        <key>tags</key>
        <array>
            <dict>
                <key>key</key>
                <string>GROUP</string>
                <key>value</key>
                <string>ExampleTag</string>
            </dict>
        </array>
    </dict>
    <key>userInterface</key>
    <dict>
        <key>hideStatusMenuIcon</key>
        <false/>
        <key>userInitiatedFeedback</key>
        <string>enabled</string>
    </dict>
</dict>
</plist>

Intune full profile

XML

        <key>PayloadUUID</key>
        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadOrganization</key>
        <string>Microsoft</string>
        <key>PayloadIdentifier</key>
        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
        <key>PayloadDisplayName</key>
        <string>Microsoft Defender for Endpoint settings</string>
        <key>PayloadDescription</key>
        <string>Microsoft Defender for Endpoint configuration settings</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadUUID</key>
                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
                <key>PayloadType</key>
                <string>com.microsoft.wdav</string>
                <key>PayloadOrganization</key>
                <string>Microsoft</string>
                <key>PayloadIdentifier</key>
                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
                <key>PayloadDisplayName</key>
                <string>Microsoft Defender for Endpoint configuration settings</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>antivirusEngine</key>
                <dict>
                    <key>enableRealTimeProtection</key>
                    <true/>
                    <key>passiveMode</key>
                    <false/>
                    <key>scanAfterDefinitionUpdate</key>
                    <true/>
                    <key>scanArchives</key>
                    <true/>
                    <key>maximumOnDemandScanThreads</key>
                    <integer>1</integer>
                    <key>exclusions</key>
                    <array>
                        <dict>
                            <key>$type</key>
                            <string>excludedPath</string>
                            <key>isDirectory</key>
                            <false/>
                            <key>path</key>
                            <string>/var/log/system.log</string>
                        </dict>
                        <dict>
                            <key>$type</key>
                            <string>excludedPath</string>
                            <key>isDirectory</key>
                            <true/>
                            <key>path</key>
                            <string>/home</string>
                        </dict>
                        <dict>
                            <key>$type</key>
                            <string>excludedPath</string>
                            <key>isDirectory</key>
                            <true/>
                            <key>path</key>
                            <string>/Users/*/git</string>
                        </dict>
                        <dict>
                            <key>$type</key>
                            <string>excludedFileExtension</string>
                            <key>extension</key>
                            <string>pdf</string>
                        </dict>
                        <dict>
                            <key>$type</key>
                            <string>excludedFileName</string>
                            <key>name</key>
                            <string>cat</string>
                        </dict>
                    </array>
                    <key>exclusionsMergePolicy</key>
                    <string>merge</string>
                    <key>allowedThreats</key>
                    <array>
                        <string>EICAR-Test-File (not a virus)</string>
                    </array>
                    <key>disallowedThreatActions</key>
                    <array>
                        <string>allow</string>
                        <string>restore</string>
                    </array>
                    <key>threatTypeSettings</key>
                    <array>
                        <dict>
                            <key>key</key>
                            <string>potentially_unwanted_application</string>
                            <key>value</key>
                            <string>block</string>
                        </dict>
                        <dict>
                            <key>key</key>
                            <string>archive_bomb</string>
                            <key>value</key>
                            <string>audit</string>
                        </dict>
                    </array>
                    <key>threatTypeSettingsMergePolicy</key>
                    <string>merge</string>
                </dict>
                <key>cloudService</key>
                <dict>
                    <key>enabled</key>
                    <true/>
                    <key>diagnosticLevel</key>
                    <string>optional</string>
                    <key>automaticSampleSubmission</key>
                    <true/>
                    <key>automaticDefinitionUpdateEnabled</key>
                    <true/>
                </dict>
                <key>edr</key>
                <dict>
                    <key>tags</key>
                    <array>
                        <dict>
                            <key>key</key>
                            <string>GROUP</string>
                            <key>value</key>
                            <string>ExampleTag</string>
                        </dict>
                    </array>
                </dict>
                <key>userInterface</key>
                <dict>
                    <key>hideStatusMenuIcon</key>
                    <false/>
                    <key>userInitiatedFeedback</key>
                    <string>enabled</string>
                </dict>
            </dict>
        </array>

Property list validation

The property list must be a valid .plist file. This can be checked by executing:

Bash

plutil -lint com.microsoft.wdav.plist
Output

com.microsoft.wdav.plist: OK

If the file is well-formed, the above command outputs OK and returns an exit code of 0. Otherwise, an error that describes the issue is displayed and the command returns an exit code of 1.

Configuration profile deployment

Once you’ve built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune.

JAMF deployment

From the JAMF console, open Computers > Configuration Profiles, navigate to the configuration profile you’d like to use, then select Custom Settings. Create an entry with com.microsoft.wdav as the preference domain and upload the .plist produced earlier.

 Caution

You must enter the correct preference domain (com.microsoft.wdav); otherwise, the preferences will not be recognized by Microsoft Defender for Endpoint.

Intune deployment

  1. Open Manage > Device configuration. Select Manage > Profiles > Create Profile.
  2. Choose a name for the profile. Change Platform=macOS to Profile type=Custom. Select Configure.
  3. Save the .plist produced earlier as com.microsoft.wdav.xml.
  4. Enter com.microsoft.wdav as the custom configuration profile name.
  5. Open the configuration profile and upload the com.microsoft.wdav.xml file. (This file was created in step 3.)
  6. Select OK.
  7. Select Manage > Assignments. In the Include tab, select Assign to All Users & All devices.

 Caution

You must enter the correct custom configuration profile name; otherwise, these preferences will not be recognized by Microsoft Defender for Endpoint.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 32 times, 1 visits today)