Microsoft Defender ATP announced for Mac.
There are two key parts for cross-platform support for Microsoft Defender ATP on Mac:
- A new user interface on Mac clients called Microsoft Defender ATP. The user interface brings a similar experience to what customers have today on Windows 10 devices.
- Reporting for Mac devices on the Microsoft Defender ATP portal.
“As we bring our unified security solution to other platforms, we’re also updating our name to reflect the breadth of this expanded coverage: Microsoft Defender ATP.”
The Microsoft Defender ATP client
On devices running macOS Mojave, macOS High Sierra, or macOS Sierra that you want to manage and protect, Microsoft Defender ATP can be installed.
- Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
- Reviewing detected threats
- Taking actions on threats, including quarantine, remove, or allow
Users will also be able to configure advanced settings, for example:
- Disabling or enabling real-time protection, cloud-delivered protection, and automatic sample submission
- Adding exclusions for files and paths
- Managing notifications when threats are found
- Manually checking for security intelligence updates
Note that some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.
The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is properly connected to the cloud.
Reporting within the Microsoft Defender ATP portal
Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Security analysts and admins can review these alerts just as they can do today – except they’ll also see detections on Mac devices.
Configuration with Microsoft Intune
Configuration, including deployment, can be managed with Microsoft Intune – coming soon. A number of settings can also be configured via alternative Mac and MDM management tools such, as JAMF, available now.
Now in limited preview
Microsoft Defender ATP customers can now apply for preview, and we will contact customers via email to confirm their participation.