Forum Discussion
MDE apparently blocks MacOS Monterey 12.1 / 12.2 upgrades?
The last days we have encountered a situation where the upgrade to MacOS Monterey 12.1 or 12.2 fails. After several reboots the machine returns to the state before the upgrade started, with the ad...
Yes, same here. From 12.1 to 12.2. upgrade completed but after last reboot, MacOS remained on 12.1.
Looking at the logs, there were errors related to DLP and Defender which creates some issue with the upgraded disk Volume. Seems like the Upgrade process doesn't like this and thinks there is an issue and rolls back to the previous snapshot or something like that thus remaining on 12.1 instead of being upgraded to 12.2
I was able to get it through after I added com.apple.MobileSoftwareUpdate.UpdateBrainService to the process exclusion list in Defender. Not sure if that's what did it or I was just lucky.
I also now see that DLP (Data Loss Protection) seems supported in MDE for MacOS and my logs were full or errors related to it since it was not properly configured/enabled in intune and this was preventing some extensions in MacOS from being loaded properly, possibly making this more problematic since the filesystem didn't seem to recognize the DLP attributes in the filesystem properly because of this.
I properly allowed and enable the DLP loading in MDE (mdatp health)
data_loss_prevention_status : "active"
And DLP errors are gone and it seems to properly works now. as I see logs being pushed to 365 Compliance. However, be careful, this seems to have a huge CPU and IO impact on everything.
Looking at the logs, there were errors related to DLP and Defender which creates some issue with the upgraded disk Volume. Seems like the Upgrade process doesn't like this and thinks there is an issue and rolls back to the previous snapshot or something like that thus remaining on 12.1 instead of being upgraded to 12.2
I was able to get it through after I added com.apple.MobileSoftwareUpdate.UpdateBrainService to the process exclusion list in Defender. Not sure if that's what did it or I was just lucky.
I also now see that DLP (Data Loss Protection) seems supported in MDE for MacOS and my logs were full or errors related to it since it was not properly configured/enabled in intune and this was preventing some extensions in MacOS from being loaded properly, possibly making this more problematic since the filesystem didn't seem to recognize the DLP attributes in the filesystem properly because of this.
I properly allowed and enable the DLP loading in MDE (mdatp health)
data_loss_prevention_status : "active"
And DLP errors are gone and it seems to properly works now. as I see logs being pushed to 365 Compliance. However, be careful, this seems to have a huge CPU and IO impact on everything.
Where do you find information about this setting?
data_loss_prevention_status : "active"
I can't find any Microsoft Docs on how to enable/disable or what dormant even means.
data_loss_prevention_status : "active"
I can't find any Microsoft Docs on how to enable/disable or what dormant even means.