Forum Discussion
MS Defender - Installation Error version 101.25072 on macOS
FYI...MS has this posted on their service health status page. They have a fix in the works but sounds like it will be a "side channel" upgrade of some kind. I'm betting we'll be having to push a shell script via MDM that will end up doing a "rip and replace" of sorts.
https://admin.cloud.microsoft/?#/servicehealth/:/alerts/DZ1144032
UPDATE: Microsoft has published the fix. As near as I can tell, it involves pushing out an MDM profile to enable a tamper protection exclusion only for a special "upgrade helper" package Microsoft has provided. You then push out the pkg which sets tamper protection to audit mode, upgrades Defender, then turns tamper protection back on. Instructions and the helper package are found in the below link, which was published in the service health alert linked above.
https://github.com/microsoft/mdatp-xplat/tree/master/macos/upgrade_from_2506_helper
I’ve seen similar reports with the 101.25072 build on macOS. The error often isn’t network-related but tied to the installer package itself. A few things to try:
Fully uninstall the current Defender client (use the official uninstall script from Microsoft).
Reboot and download a fresh copy of the installer directly from the Microsoft Security portal rather than updating in place.
Check macOS system logs (Console.app) during install—sometimes Rosetta 2 or permission issues (system extensions not approved) cause the failure.
If you’re on macOS Sonoma or later, verify that system extension approvals are granted in System Settings > Privacy & Security.
If it still fails, I’d recommend opening a support ticket with Microsoft—this looks like a packaging issue specific to the new release, and it may need a patched installer.