Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Announcing Microsoft Defender ATP for Mac
Published Mar 21 2019 12:00 AM 144K Views
Microsoft

Update: Microsoft Defender ATP for Mac is generally available as of June 28, 2019.

 

Today, we’re announcing our advances in cross-platform next-generation protection and endpoint detection and response coverage with a new Microsoft solution for Mac. Core components of our unified endpoint security platform, including the new Threat & Vulnerability Management also announced today, will now be available for Mac devices.

 

We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience. Now we are going a step further by adding our own solution to the options, starting with a limited preview today

 

As we bring our unified security solution to other platforms, we’re also updating our name to reflect the breadth of this expanded coverage: Microsoft Defender ATP.

 

There are two key parts for cross-platform support for Microsoft Defender ATP on Mac:

 

  1. A new user interface on Mac clients called Microsoft Defender ATP. The user interface brings a similar experience to what customers have today on Windows 10 devices.
  2. Reporting for Mac devices on the Microsoft Defender ATP portal.

 

 

The Microsoft Defender ATP client

 

On devices running macOS Mojave, macOS High Sierra, or macOS Sierra that you want to manage and protect, Microsoft Defender ATP can be installed.

 

microsoft-defender-atp-for-mac-1-virus-threat-protection.png

 

In the limited preview, this app provides next-generation antimalware protection and allows end users to review and perform configuration of their protection, including:

 

  • Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
    microsoft-defender-atp-for-mac-2-scan-options.png
  • Reviewing detected threats
    microsoft-defender-atp-for-mac-3-protection-history.png
  • Taking actions on threats, including quarantine, remove, or allow
    microsoft-defender-atp-for-mac-4-take-action.png

 

Users will also be able to configure advanced settings, for example:

 

  • Disabling or enabling real-time protection, cloud-delivered protection, and automatic sample submission
  • Adding exclusions for files and paths
  • Managing notifications when threats are found
  • Manually checking for security intelligence updates

 

Note that some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.

 

The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is properly connected to the cloud.

 

microsoft-defender-atp-for-mac-5-autoupdate.png

 

Reporting within the Microsoft Defender ATP portal

 

Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Security analysts and admins can review these alerts just as they can do today – except they’ll also see detections on Mac devices.

 

The following figure shows Mac detections, with all other detections, in the dashboard:

 

microsoft-defender-atp-for-mac-6-security-operations.png

 

Drilling deeper into individual alerts shows detailed information, including the process tree related to the alert, and further machine context:

 

microsoft-defender-atp-for-mac-7-alert.png

 

Configuration with Microsoft Intune

 

Configuration, including deployment, can be managed with Microsoft Intune – coming soon. A number of settings can also be configured via alternative Mac and MDM management tools such, as JAMF, available now.

 

Public review soon

 

Update (April 1, 2019): Signup for limited preview is closed, but we'll be opening up a broader public preview soon! Be on the lookout for upcoming announcements.

 

Update (May 22, 2019): Microsoft Defender ATP is now in public preview

 

We’re continuing to improve Microsoft Defender ATP, and we’d love for you to join us in this journey so we can use your feedback and insights to deliver strong protection across platforms.

 

 

Iaan D’Souza-Wiltshire (@iaanMSFT)
Microsoft Defender ATP

 
21 Comments
Version history
Last update:
‎Sep 16 2020 06:27 PM
Updated by: