hibi6x
Copper Contributor
Feb 14, 2024

MDE on MacOS migration from 3rd party AV

Hi,

We are planning a migration from a 3rd party AV and we want to ensure a smooth migration. We have Windows clients and macOS in scope. We want to ensure that during the migration, when we are switching from the 3rd party AV, there will be no conflicts. Therefore I am following the MS documentation "Migrate to Microsoft Defender for Endpoint". Under section 3 there is a list of exclusions to be added to the existing AV solution when migrating to MDE. However, there is only information on Windows client OS and servers. Nothing is mentioned on macOS. Can someone direct me to where I can find it? Thx

  • rahuljindal-MVP
    Bronze Contributor
    What is your migration strategy? Test MDE while the non-MS security solution is still running as the primary on the macOS devices? If yes, then you will need to configure Defender to run in passive mode through the plist file.
    • hibi6x
      Copper Contributor

      Thank you for your response. MDE is already installed and running in passive mode. There is a 3rd party AV and EDR as primary. The reason I am looking for MDE exclusions is the following. I will onboard MDE to the Defender portal, then the EDR processes from MDE will start as well, then I will uninstall the 3rd party AV so MDE AV will be active. In case of rollback I want to just push back the 3rd party AV, and then MDE will go to passive, but the EDR sensor from MDE will still be sending telemetry. Therefore I am looking for what the 3rd party AV must exclude in terms of the EDR processes from MDE and whatever is still running when MDE is in passive mode.

      • rahuljindal-MVP
        Bronze Contributor
        Personally, I am not aware of any exclusions needed for macOS. Telemetry data through the sensor is generally allowed unless blocked explicitly.
