This document contains examples of device control policies that you can customize for your own organization. These examples are applicable if you are using JAMF to manage devices in your enterprise. Restrict access to all removable media The following example restricts access to all removable media. Note the none permission that is applied at the top level […]
Articles Tagged: Microsoft
Device control for macOS (Microsoft)
Requirements Device control for macOS has the following prerequisites: Microsoft Defender for Endpoint entitlement (can be trial) Minimum OS version: macOS 11 or higher Minimum product version: 101.34.20 Device control policy To configure device control for macOS, you must create a policy that describes the restrictions you want to put in place within your organization. […]
Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on macOS
The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint on macOS can detect and block PUA files on endpoints in your network. These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to […]
Set preferences for Microsoft Defender for Endpoint on macOS
Important This article contains instructions for how to set preferences for Microsoft Defender for Endpoint on macOS in enterprise organizations. To configure Microsoft Defender for Endpoint on macOS using the command-line interface, see Resources. Summary In enterprise organizations, Microsoft Defender for Endpoint on macOS can be managed through a configuration profile that is deployed by using […]
Configure and validate exclusions for Microsoft Defender for Endpoint on macOS
This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. Important The exclusions described in this article don’t apply to other Defender for Endpoint on Mac capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still […]
Deploy updates for Microsoft Defender for Endpoint on macOS
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on macOS, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually. If you decide to deploy updates by […]
Manual deployment for Microsoft Defender for Endpoint on macOS
This topic describes how to deploy Microsoft Defender for Endpoint on macOS manually. A successful deployment requires the completion of all of the following steps: Download installation and onboarding packages Application installation (macOS 10.15 and older versions) Application installation (macOS 11 and newer versions) Client configuration Prerequisites and system requirements Before you get started, see the […]
Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint on macOS
Prerequisites and system requirements Before you get started, see the main Microsoft Defender for Endpoint on macOS page for a description of prerequisites and system requirements for the current software version. Approach Caution Currently, Microsoft officially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint on macOS. Microsoft makes no warranties, […]
Enroll Microsoft Defender for Endpoint on macOS devices into Jamf Pro
Enroll macOS devices There are multiple methods of getting enrolled to JamF. This article will guide you on two methods: Method 1: Enrollment Invitations Method 2: Prestage Enrollments For a complete list, see About Computer Enrollment. Enrollment Method 1: Enrollment Invitations In the Jamf Pro dashboard, navigate to Enrollment invitations. Select + New. In Specify Recipients for the Invitation > […]
Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro
Step 1: Get the Microsoft Defender for Endpoint onboarding package In Microsoft 365 Defender, navigate to Settings > Onboarding. Select macOS as the operating system and Mobile Device Management / Microsoft Intune as the deployment method. Select Download onboarding package (WindowsDefenderATPOnboardingPackage.zip). Extract WindowsDefenderATPOnboardingPackage.zip. Copy the file to your preferred location. For example, C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist. Step 2: Create a configuration profile in Jamf […]