Microsoft Tech Community
Announcing Microsoft Defender ATP for Mac
Published Mar 21 2019 12:00 AM 144K Views
Microsoft

Update: Microsoft Defender ATP for Mac is generally available as of June 28, 2019.

 

Today, we’re announcing our advances in cross-platform next-generation protection and endpoint detection and response coverage with a new Microsoft solution for Mac. Core components of our unified endpoint security platform, including the new Threat & Vulnerability Management also announced today, will now be available for Mac devices.

 

We’ve been working closely with industry partners to enable Windows Defender Advanced Threat Protection (ATP) customers to protect their non-Windows devices while keeping a centralized “single pane of glass” experience. Now we are going a step further by adding our own solution to the options, starting with a limited preview today.

 

As we bring our unified security solution to other platforms, we’re also updating our name to reflect the breadth of this expanded coverage: Microsoft Defender ATP.

 

There are two key parts for cross-platform support for Microsoft Defender ATP on Mac:

 

  1. A new user interface on Mac clients called Microsoft Defender ATP. The user interface brings a similar experience to what customers have today on Windows 10 devices.
  2. Reporting for Mac devices on the Microsoft Defender ATP portal.

 

 

The Microsoft Defender ATP client

 

Microsoft Defender ATP can be installed on devices running macOS Mojave, macOS High Sierra, or macOS Sierra that you want to manage and protect.

 

microsoft-defender-atp-for-mac-1-virus-threat-protection.png

 

In the limited preview, this app provides next-generation antimalware protection and allows end users to review and configure their protection, including:

 

  • Running scans, including full, quick, and custom path scans (we recommend quick scans in nearly all scenarios)
    microsoft-defender-atp-for-mac-2-scan-options.png
  • Reviewing detected threats
    microsoft-defender-atp-for-mac-3-protection-history.png
  • Taking actions on threats, including quarantine, remove, or allow
    microsoft-defender-atp-for-mac-4-take-action.png

 

Users will also be able to configure advanced settings, for example:

 

  • Disabling or enabling real-time protection, cloud-delivered protection, and automatic sample submission
  • Adding exclusions for files and paths
  • Managing notifications when threats are found
  • Manually checking for security intelligence updates

 

Note that some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.

 

The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is properly connected to the cloud.

 

microsoft-defender-atp-for-mac-5-autoupdate.png

 

Reporting within the Microsoft Defender ATP portal

 

Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Security analysts and admins can review these alerts just as they can do today – except they’ll also see detections on Mac devices.

 

The following figure shows Mac detections, with all other detections, in the dashboard:

 

microsoft-defender-atp-for-mac-6-security-operations.png

 

Drilling deeper into individual alerts shows detailed information, including the process tree related to the alert, and further machine context:

 

microsoft-defender-atp-for-mac-7-alert.png

 

Configuration with Microsoft Intune

 

Configuration, including deployment, can be managed with Microsoft Intune – coming soon. A number of settings can also be configured via alternative Mac and MDM management tools, such as JAMF, available now.

 

Public preview soon

 

Update (April 1, 2019): Signup for limited preview is closed, but we'll be opening up a broader public preview soon! Be on the lookout for upcoming announcements.

 

Update (May 22, 2019): Microsoft Defender ATP is now in public preview.

 

We’re continuing to improve Microsoft Defender ATP, and we’d love for you to join us in this journey so we can use your feedback and insights to deliver strong protection across platforms.

 

 

Iaan D’Souza-Wiltshire (@iaanMSFT)
Microsoft Defender ATP

 
21 Comments
Brass Contributor

Excellent!

Iron Contributor

Brilliant! (Round it off with common Linux distros maybe?) ;)

Iron Contributor

Awesome!

Copper Contributor

Is there a full list of features that will be offered? Is there 100% parity between Windows and macOS? Specifically I am curious about USB restrictions and DLP features that are on the Windows side currently.

Copper Contributor

I am a home user who runs Windows 10 on my Mac mini. The computer boots to either OS, on two different hard drives. Why is this antivirus not available to protect my entire machine?

 

I use Fusion by VMware, and the default boot to my computer is MacOS, and runs the physical Windows 10 OS in a virtual machine in Fusion mode. A virus can threaten my Windows half by simply going to the Mac half! This software should be made available to me, just like Defender is for my Windows.

Copper Contributor

the share button is not working.

you are welcome 

Copper Contributor

@Eric Avena, will Defender ATP for Mac eventually include SCCM integration as well as Intune? Will it work as a standalone non-managed product like the old SCEP application functioned? 

Iron Contributor

@Eric Avena Thanks for the updates above; nice forward movements with Defender ATP. KeRangerRansom in the Mac client above is reported as a severe threat, but in the Microsoft Defender ATP portal is only listed as a low threat. Is the differential ranking due to the portal assessing the threat level of this individual detection on a Mac within the wider context of everything else that's happening across all endpoints? That is, is the differential due to automatic prioritization for the SecOps analyst ... or something else?

Iron Contributor

@Eric Avena Is the integration between Microsoft Defender ATP on macOS enabled for usage data sharing with Microsoft Cloud App Security during the preview?

Copper Contributor

@Eric Avena, we have been testing the preview on Mac. Fundamentally the preview is working, though some data is missing in the ATP console. We are very interested in the public review date. I believe the public review should have more improvements. Can you please tell me when the public review will be released, if possible?

 

Thanks,

Dean

Copper Contributor

Echo the comments from Dean.

 

Currently preparing for a PoC, to be able to fairly assess the usage across platforms it would be great to establish when this will be hitting GA!

 

Sharon

Copper Contributor

Hi Guys, 

We are supposed to be entitled to this as part of our OVS-ES Agreement, but since it is not yet supporting Macs, we are planning to purchase a third-party antivirus to provide some sort of protection... I'm wondering when Windows Defender will fully support Apple products? Any definitive dates?

 

Regards, 

 

Iron Contributor

Whilst I'm able to enroll my Mac and the ATP client can talk to my MDATP tenant, I see virtually no information in the console (Software Inventory, Security Assessment, Discovered Vulnerabilities etc). My Windows enrolled clients do not have this problem.

Iron Contributor

Yes, even I had the same question. I got the info from a different forum that Microsoft keeps on updating the features of MDATP for MacOS.

 

Microsoft

@shawn harry @Vadivelu B

Richer capabilities will be iteratively added over the next months as part of our upcoming releases. Make sure to turn on preview features in Microsoft Defender Security Center to always get the latest feature set and follow this blog and Twitter channel for the latest announcements. And please leverage MDATP for Mac app "Help > Send feedback" on your device or "feedback button" in Microsoft Defender Security Center to share what specific functionality is the most important for your organization.

Iron Contributor

Having trouble completing a Time Machine back up to network while MSATP Mac real time protection is turned on. TM Backups to local volumes unaffected. Excluding backupd and backupd-helper, plus the destination volume, has no effect: the destination .sparsebundle image never gets beyond zero bytes in size. I have a support case with MS on this topic, in case anyone is interested.

Copper Contributor

Have the same experience as @Rob Hardman. Does anyone have a status on this problem?

Copper Contributor

Are there plans to support scheduled scans?

Iron Contributor

@H_gstr_m version 100.79.42 might fix the issue (not personally tested yet).

Copper Contributor

I have a few users that will be getting Macs as their 2nd device. Will the ES licence they have cover them with ATP for both their Windows device and Mac?

 

Iron Contributor

@Ed_LZ Yes. If you have E5 you can leverage the Windows ATP Defender for both Mac and Windows platforms.

Version history
Last update: Sep 16 2020 06:27 PM