macOS Defender -- health/config status, repairing misconfigured devices.

My predecessor deployed Microsoft Defender to our macOS devices before deploying the configuration profiles,
resulting in many of them not having any content in the device timeline in Security Center
and in the terminal command run locally on the computers
mdatp --health
realTimeProtectionAvailable : false
realTimeProtectionEnabled : false


How can I identify the computers that aren't configured correctly, and fix them?


Perhaps a macOS script that evaluates the MS Defender health of a device's install, logs it,
and if there's a problem, deletes Defender from the computer?
sudo rm -rf /Applications/Microsoft\ Defender\

Then Intune would automatically reinstall the "required" Defender app, which would now work properly because the prerequisite config profiles are now present at install.

And, it'd be nice to know if there's proactive monitoring in Security Center letting me know that there's a config problem with a macOS connected device, besides having to run this command locally on every computer
mdatp --health
and checking for
realTimeProtectionAvailable : false
realTimeProtectionEnabled : false
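
The health check the post asks about, as an added example (not part of the original post and not Microsoft's code): it classifies `mdatp --health` output using only the two fields quoted above and writes one log line per run. The function names, the constructed sample text and the log path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify `mdatp --health` output by the two fields quoted in the post.
# Assumes the "name : value" line format shown in the post.

# Print the lower-cased value of one field from health text on stdin.
health_field() {
    awk -v key="$1" -F':' '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $2; gsub(/[ \t\r"]/, "", val); print tolower(val); exit }
    '
}

# Classify health text passed as $1.
#   ok            both real-time protection fields are true
#   misconfigured at least one of them is not true
#   unknown       a field is missing (no output, or a different output format)
classify_health() {
    avail=$(printf '%s\n' "$1" | health_field realTimeProtectionAvailable)
    enabled=$(printf '%s\n' "$1" | health_field realTimeProtectionEnabled)
    if [ -z "$avail" ] || [ -z "$enabled" ]; then
        echo unknown
    elif [ "$avail" = true ] && [ "$enabled" = true ]; then
        echo ok
    else
        echo misconfigured
    fi
}

# One log line per run: UTC timestamp, host name, state.
health_log_line() {
    printf '%s host=%s defender_rtp=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(hostname 2>/dev/null || echo unknown)" "$1"
}

# Constructed sample matching the output quoted in the post.
SAMPLE_BROKEN='realTimeProtectionAvailable : false
realTimeProtectionEnabled : false'

# On a machine with mdatp installed, log the real state.
# The log path is a hypothetical default; override it with DEFENDER_HEALTH_LOG.
if command -v mdatp >/dev/null 2>&1; then
    state=$(classify_health "$(mdatp --health 2>/dev/null)")
    health_log_line "$state" >> "${DEFENDER_HEALTH_LOG:-/tmp/defender_health.log}"
fi
```

The `unknown` state is kept separate from `misconfigured` so that a machine where the command printed nothing, or printed differently named fields, is not mistaken for one with a confirmed configuration problem.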
