Update (May 22, 2019): Microsoft Defender ATP is now in public preview


Today, we’re announcing our advances in cross-platform next-generation protection and endpoint detection and response coverage with a new Microsoft solution for Mac. Core components of our unified endpoint security platform, including the new Threat & Vulnerability Management also announced today, will now be available for Mac devices.


We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience. Now we are going a step further by adding our own solution to the options, starting with a limited preview today


As we bring our unified security solution to other platforms, we’re also updating our name to reflect the breadth of this expanded coverage: Microsoft Defender ATP.


There are two key parts for cross-platform support for Microsoft Defender ATP on Mac:


  1. A new user interface on Mac clients called Microsoft Defender ATP. The user interface brings a similar experience to what customers have today on Windows 10 devices.
  2. Reporting for Mac devices on the Microsoft Defender ATP portal.



The Microsoft Defender ATP client


On devices running macOS Mojave, macOS High Sierra, or macOS Sierra that you want to manage and protect, Microsoft Defender ATP can be installed.




In the limited preview, this app provides next-generation antimalware protection and allows end users to review and perform configuration of their protection, including:


  • Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
  • Reviewing detected threats
  • Taking actions on threats, including quarantine, remove, or allow


Users will also be able to configure advanced settings, for example:


  • Disabling or enabling real-time protection, cloud-delivered protection, and automatic sample submission
  • Adding exclusions for files and paths
  • Managing notifications when threats are found
  • Manually checking for security intelligence updates


Note that some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.


The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is properly connected to the cloud.




Reporting within the Microsoft Defender ATP portal


Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Security analysts and admins can review these alerts just as they can do today – except they’ll also see detections on Mac devices.


The following figure shows Mac detections, with all other detections, in the dashboard:




Drilling deeper into individual alerts shows detailed information, including the process tree related to the alert, and further machine context:




Configuration with Microsoft Intune


Configuration, including deployment, can be managed with Microsoft Intune – coming soon. A number of settings can also be configured via alternative Mac and MDM management tools such, as JAMF, available now.


Public review soon


Update (April 1, 2019): Signup for limited preview is closed, but we'll be opening up a broader public preview soon! Be on the lookout for upcoming announcements.


Update (May 22, 2019): Microsoft Defender ATP is now in public preview


We’re continuing to improve Microsoft Defender ATP, and we’d love for you to join us in this journey so we can use your feedback and insights to deliver strong protection across platforms.



Iaan D’Souza-Wiltshire (@iaanMSFT)
Microsoft Defender ATP

Occasional Visitor


New Contributor

Brilliant! (Round it off with common Linux distros maybe?) :smileywink:



Occasional Visitor

Is there a full list of features that will be offered? Is there 100% parity between Windows and macOS? Specifically I am curious about USB restrictions and DLP features that are on the Windows side currently.

Occasional Visitor

I am a home user, that runs Windows 10 on my Mac mini. The computer boots to either OS, on two different hard drives, why is this antivirus not available to protect my entire machine?


I use Fusion by VMware, and the default boot to my computer is MacOS, and runs the physical Windows 10 OS in a virtual machine in Fusion mode. A virus can threaten my Windows half by simply going to the Mac half! This software should be made available to me, just like Defender is for my Windows.

Occasional Visitor

the share button is not working.

you are welcome 

Occasional Visitor

@Eric Avena, will Defender ATP for Mac eventually include SCCM integration as well as Intune? Will it work as a standalone non-managed product like the old SCEP application functioned? 

Occasional Contributor

@Eric Avena Thanks for the updates above; nice forward movements with Defender ATP. KeRangerRansom in the Mac client above is reported as a severe threat, but in the Microsoft Defender ATP portal is only listed as a low threat. Is the differential ranking due to the portal assessing the threat level of this individual detection on a Mac within the wider context of everything else that's happening across all endpoints? That is, is the differential due to automatic prioritization for the SecOps analyst ... or something else?

Occasional Contributor

@Eric Avena Is the integration between Microsoft Defender ATP on macOS enabled for usage data sharing with Microsoft Cloud App Security during the preview?

Regular Visitor

@Eric Avena, we have been testing the preview on MAC. Fundamentally the preview is working, though some data is missing in ATP console. We are very interested in the the public review date. I believe the public review should have more improvements. Can you please tell me when the public review will be released, if possible?




Occasional Visitor

Echo the comments from Dean.


Currently preparing for a PoC, to be able to fairly assess the usage across platforms it would be great to establish when this will be hitting GA!