Forum Discussion
THRAWN47
Apr 25, 2024Copper Contributor
macOS Scheduled Scan XML profile will remove DLP key and value from managed preferences
Refer to the MS support article for setting Scheduled Scans for Defender EP on macOS:
"How to schedule scans with Microsoft Defender for Endpoint on macOS - Microsoft Defender for Endpoint | Microsoft Learn"
When implementing the XML via Jamf Pro MDM via a configuration profile targeting com.microsoft.wdav, the result removes the Data Loss Prevention key and value from Managed Preferences as set via the JSON schema configuration profile, thus rendering it as disabled. Once the scan settings are removed, DLP is enabled again. This is repeatable.
Deploying an XML, like the one below for Scheduled Scans, will override DLP settings made with another config profile:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>features</key> <dict> <key>scheduledScan</key> <string>enabled</string> </dict> <key>scheduledScan</key> <dict> <key>ignoreExclusions</key> <true/> <key>lowPriorityScheduledScan</key> <true/> <key>dailyConfiguration</key> <dict> <key>timeOfDay</key> <integer>720</integer> </dict> <key>weeklyConfiguration</key> <dict> <key>dayOfWeek</key> <integer>5</integer> <key>timeOfDay</key> <integer>840</integer> <key>scanType</key> <string>full</string> </dict> </dict> </dict> </plist>
This needs reviewing by Microsoft as soon as possible.
No RepliesBe the first to reply