Update (May 22, 2019): Microsoft Defender ATP is now in public preview.
Today, we’re announcing our advances in cross-platform next-generation protection and endpoint detection and response coverage with a new Microsoft solution for Mac. Core components of our unified endpoint security platform, including the new Threat & Vulnerability Management also announced today, will now be available for Mac devices.
We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience. Now we are going a step further by adding our own solution to the options, starting with a limited preview today.
As we bring our unified security solution to other platforms, we’re also updating our name to reflect the breadth of this expanded coverage: Microsoft Defender ATP.
There are two key parts for cross-platform support for Microsoft Defender ATP on Mac:
The Microsoft Defender ATP client
Microsoft Defender ATP can be installed on devices running macOS Mojave, macOS High Sierra, or macOS Sierra that you want to manage and protect.
In the limited preview, this app provides next-generation antimalware protection and allows end users to review and perform configuration of their protection, including:
Users will also be able to configure advanced settings, for example:
Note that some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.
The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is properly connected to the cloud.
Reporting within the Microsoft Defender ATP portal
Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Security analysts and admins can review these alerts just as they can do today – except they’ll also see detections on Mac devices.
The following figure shows Mac detections, with all other detections, in the dashboard:
Drilling deeper into individual alerts shows detailed information, including the process tree related to the alert, and further machine context:
Configuration with Microsoft Intune
Configuration, including deployment, can be managed with Microsoft Intune – coming soon. A number of settings can also be configured via alternative Mac and MDM management tools, such as JAMF, available now.
Public preview soon
Update (April 1, 2019): Signup for limited preview is closed, but we'll be opening up a broader public preview soon! Be on the lookout for upcoming announcements.
We’re continuing to improve Microsoft Defender ATP, and we’d love for you to join us in this journey so we can use your feedback and insights to deliver strong protection across platforms.
Iaan D’Souza-Wiltshire (@iaanMSFT)
Microsoft Defender ATP