MDE on MacOS migration from 3rd party AV

We are planning a migration from a 3rd party AV and we want to ensure a smooth migration. We have Windows clients and macOS in scope. We want to ensure that during the migration, when we are switching from the 3rd party AV, there will be no conflicts. Therefore I am following the MS documentation "Migrate to Microsoft Defender for Endpoint". Under section 3 there is a list of exclusions to be added to the existing AV solution when migrating to MDE. However, there is only information on Windows client OS and servers. Nothing is mentioned about macOS. Can someone direct me to where I can find it? Thx

3 Replies
What is your migration strategy? Test MDE while the non-MS security solution is still running as the primary on the macOS devices? If yes, then you will need to configure Defender to run in passive mode through the plist file.

Thank you for your response. MDE is already installed and running in passive mode. There is a 3rd party AV and EDR as primary. The reason I am looking for MDE exclusions is the following. I will onboard MDE to the Defender portal, then EDR processes will start as well from MDE, then uninstall the 3rd party AV so MDE AV will be active. In case of rollback I want to just push back the 3rd party AV and then MDE will go to passive, but the EDR sensor from MDE will still be sending telemetry. Therefore I am looking for what the 3rd party AV must exclude in terms of the EDR processes from MDE and whatever is still running when MDE is in passive mode.

Personally, I am not aware of any exclusions needed for macOS. Telemetry data through the sensor is generally allowed unless blocked explicitly.