Forum Discussion
hibi6x
Feb 14, 2024Copper Contributor
MDE on MacOS migration from 3rd party AV
Hi, We are planning migration from 3rd party AV and we want to ensure smooth migration. We have Windows clients and MacOS in scope. We want to ensure that during migration when we are switching from...
rahuljindal-MVP
Feb 14, 2024Bronze Contributor
What is your migration strategy? Test MDE while non MS security solution is still running as the primary on the macOS devices? If yes, then you will need to configure Defender to run in Passive mode through the plist file.
hibi6x
Feb 14, 2024Copper Contributor
Thank you for your response. MDE is already installed and running in the passive mode. There is 3rd party AV and EDR in prime. Why I am looking for MDE exclusion is following. I will board MDE to defender portal then EDR processes will start as well from MDE, then uninstall 3rd party AV so MDE AV will be active. In case of rollback I want just to push back 3rd party AV and then MDE will go to passive but EDR sensor from MDE will still sending telemetry. Therefore I am looking what 3rd party AV must exclude in terms of the EDR processes from MDE and whatever is still running when MDE is in passive
- rahuljindal-MVPFeb 14, 2024Bronze ContributorPersonally, I am not aware of any exclusions needed for macOS. Telemetry data through the sensor is generally allowed unless blocked explicitly.