Microsoft Defender ATP for Mac is moving to system extensions

Published Aug 31 2020 08:20 AM 11.3K Views
Microsoft

As part of our commitment to provide the best in market endpoint protection to our customers, we strive to ensure that Microsoft Defender ATP for Mac evolves in lock step with the macOS platform. We are also committed to minimizing security agent related friction as organizations migrate to the next major macOS version. Apple is shifting away from kernel extensions, starting with macOS 11 Big Sur. In alignment with Apple’s strategy, public preview is now open for Microsoft Defender ATP for Mac implementation that leverages the new system extensions instead of kernel extensions.

 

Catalina_system_ext_screen.PNG

 

 

How will the system extensions-based update be delivered?

 

The system extensions-based version of Microsoft Defender ATP for Mac will be delivered to all macOS devices via the existing Microsoft AutoUpdate (MAU) channel.

 

Refer to our system extensions-based update documentation for additional update related details and how to determine if a device is running the new version based on system extensions.

 

After successfully deploying and activating the update, the on-device experience will remain unchanged.

 

What devices are eligible for the system extensions-based update?

 

To experience the new system extensions-based implementation during public preview, you’ll need to have preview features turned on in the Microsoft Defender Security Center. If you have not yet opted into previews, we encourage you to turn on preview features in the Microsoft Defender Security Center today.

 

Prior to the general availability of macOS 11 Big Sur, the new system extensions-based code path can be activated on devices running macOS Catalina version 10.15.4 or later and registered for the InsiderFast MAU update channel.

Once macOS 11 Big Sur is generally available, the new system extensions-based implementation will be activated on all devices running macOS 11.

 

How to prepare for activation of the system extensions-based update

 

To ensure that the Microsoft Defender ATP for Mac system extensions-based update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before the new code path is activated. If the configuration is not deployed prior to the activation of the new Microsoft Defender ATP for Mac agent implementation, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions. Refer to our system extensions-based update documentation to learn in detail what to expect without applying the new remote configuration.

 

Benefits of taking action ahead of broader update applicability

 

The new Microsoft Defender ATP for Mac system extension-based implementation is currently only applicable to devices running macOS version 10.15.4 or later and in InsiderFast MAU ring. However, deploying configuration proactively across the entire macOS fleet ensures that all Mac devices are prepared for macOS 11 Big Sur on its release day. It also ensures that Microsoft Defender ATP for Mac continues protecting all macOS devices immediately post-upgrade to Big Sur. The new remote configuration is supplemental to any prior Microsoft Defender ATP for Mac configuration and will have no adverse effect on devices that still run the kernel extension-based version.

 

 

We invite you to monitor the What's new in Microsoft Defender ATP for Mac page for upcoming announcements (including general availability of the system extensions-based update). 

 

We welcome your feedback and look forward to hearing from you!

You can submit feedback by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback. Another option is to submit feedback via the Microsoft Defender Security Center.

 

If you’re not yet taking advantage of Microsoft’s industry leading optics and detection capabilities, sign up for free trial of Microsoft Defender ATP today. 

 

 

Helen Allas

Microsoft Defender ATP team

10 Comments
Occasional Visitor

Will you be releasing a Apple M1 native version of ATP, and if so when?  Are there any words of caution for installing the current Intel version on an M1, or does it install at all?

 

Microsoft

Yes, We are currently work on M1 native support. it will be ready soon. For now, M1 is not supported.

We will update with a blog post here once it will be supported.

Occasional Visitor

Hi!

@Tomer_Hevlin , Just to confirm what do you mean M1 is not supported for now? If our organization currently has M1 Macs can they not run MDATP until M1 native support is available? 

Thanks!

Marc V

Occasional Contributor

Hello,

 

Is there any update on M1 support?

The WDAV-KEXT profile we normally use for MacOS/Big Sur is giving an error (-2016336102 (No error code)), so I assume it's still not supported?

Thanks.

Occasional Visitor

Also looking for an update on M1 - We've got a large Mac fleet looking to move from Sophos to Microsoft ATP; this is a showstopper for us.

Contributor

Same question here, we don't have a large Mac fleet, just a small subset including our CEO!!

Senior Member

Hi everybody,

@Tomer_Hevlin do you have any information when MDATP will support M1 ?

We have to prepare our new deployment and M1 have been ordered :cool:

Thanks you 

Regular Visitor

Looking to move from Symantec to MDE/MSATP, only to find it doesn't' work on the new macs we have for this summer.    Big black eye.  New updates seem few and far between.

 

Established Member

Is there any news on an ETA? Looking to move our Macs into the Defender ecosystem, but we cannot as long as M1 hardware / system extensions are not there.

You can run MDATP through Rosetta, but there are already malware toolkits targeting M1 specifically so it's too big of a risk for us to leave it at that.

 

Otherwise we would be looking to continue current anti-malware solutions and re-evaluate at a later time.

 

Regular Visitor

@Tomer_Hevlin @Helen_Allas 

 

Where are we on the M1 support? Any updates on progress?

Any updates would be appreciated.

Thanks.

%3CLINGO-SUB%20id%3D%22lingo-sub-1608736%22%20slang%3D%22en-US%22%3EMicrosoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1608736%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20part%20of%20our%20commitment%20to%20provide%20the%20best%20in%20market%20endpoint%20protection%20to%20our%20customers%2C%20we%20strive%20to%20ensure%20that%20Microsoft%20Defender%20ATP%20for%20Mac%20evolves%20in%20lock%20step%20with%20the%20macOS%20platform.%20We%20are%20also%20committed%20to%20minimizing%20security%20agent%20related%20friction%20as%20organizations%20migrate%20to%20the%20next%20major%20macOS%20version.%20Apple%20is%20shifting%20away%20from%20kernel%20extensions%2C%20starting%20with%20macOS%2011%20Big%20Sur.%20In%20alignment%20with%20Apple%E2%80%99s%20strategy%2C%20public%20preview%20is%20now%20open%20for%20Microsoft%20Defender%20ATP%20for%20Mac%20implementation%20that%20leverages%20the%20new%20system%20extensions%20instead%20of%20kernel%20extensions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20image-alt%3D%22Catalina_system_ext_screen.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F215913iC393C5BBA7894A4F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Catalina_system_ext_screen.PNG%22%20alt%3D%22Catalina_system_ext_screen.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20will%3C%2FSTRONG%3E%20%3CSTRONG%3Ethe%20system%20extensions-based%20update%20be%20delivered%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20system%20extensions-based%20version%20of%20Microsoft%20Defender%20ATP%20for%20Mac%20will%20be%20delivered%20to%20all%20macOS%20devices%20via%20the%20existing%20Microsoft%20AutoUpdate%20(MAU)%20channel.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERefer%20to%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmac-sysext-preview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esystem%20extensions-based%20update%20documentation%3C%2FA%3E%26nbsp%3Bfor%20additional%20update%20related%20details%20and%20how%20to%20determine%20if%20a%20device%20is%20running%20the%20new%20version%20based%20on%20system%20extensions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20successfully%20deploying%20and%20activating%20the%20update%2C%20the%20on-device%20experience%20will%20remain%20unchanged.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20devices%20are%20eligible%20for%20the%20system%20extensions-based%20update%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20experience%20the%20new%20system%20extensions-based%20implementation%20during%20public%20preview%2C%20you%E2%80%99ll%20need%20to%20have%20preview%20features%20turned%20on%20in%20the%20Microsoft%20Defender%20Security%20Center.%20If%20you%20have%20not%20yet%20opted%20into%20previews%2C%20we%20encourage%20you%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fpreview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eturn%20on%20preview%20features%3C%2FA%3E%26nbsp%3Bin%20the%20Microsoft%20Defender%20Security%20Center%20today.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPrior%20to%20the%20general%20availability%20of%20macOS%2011%20Big%20Sur%2C%20the%20new%20system%20extensions-based%20code%20path%20can%20be%20activated%20on%20devices%20running%20macOS%20Catalina%20version%2010.15.4%20or%20later%20and%20registered%20for%20the%20InsiderFast%20MAU%20update%20channel.%3C%2FP%3E%0A%3CP%3EOnce%20macOS%2011%20Big%20Sur%20is%20generally%20available%2C%20the%20new%20system%20extensions-based%20implementation%20will%20be%20activated%20on%20all%20devices%20running%20macOS%2011.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20to%20prepare%20for%20activation%20of%20the%20system%20extensions-based%20update%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20ensure%20that%20the%20Microsoft%20Defender%20ATP%20for%20Mac%20system%20extensions-based%20update%20is%20delivered%20and%20applied%20seamlessly%20from%20an%20end-user%20experience%20perspective%2C%20a%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmac-sysext-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Enew%20remote%20configuration%3C%2FA%3E%20must%20be%20deployed%20to%20all%20eligible%20macOS%20devices%20before%20the%20new%20code%20path%20is%20activated.%20If%20the%20configuration%20is%20not%20deployed%20prior%20to%20the%20activation%20of%20the%20new%20Microsoft%20Defender%20ATP%20for%20Mac%20agent%20implementation%2C%20end-users%20will%20be%20presented%20with%20a%20series%20of%20system%20dialogs%20asking%20to%20grant%20the%20agent%20all%20necessary%20permissions%20associated%20with%20the%20new%20system%20extensions.%20Refer%20to%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmac-sysext-preview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esystem%20extensions-based%20update%20documentation%3C%2FA%3E%26nbsp%3Bto%20learn%20in%20detail%20what%20to%20expect%20without%20applying%20the%20new%20remote%20configuration.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EBenefits%20of%20taking%20action%20ahead%20of%20broader%20update%20applicability%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20new%20Microsoft%20Defender%20ATP%20for%20Mac%20system%20extension-based%20implementation%20is%20currently%20only%20applicable%20to%20devices%20running%20macOS%20version%2010.15.4%20or%20later%20and%20in%20InsiderFast%20MAU%20ring.%20However%2C%20deploying%20configuration%20proactively%20across%20the%20entire%20macOS%20fleet%20ensures%20that%20all%20Mac%20devices%20are%20prepared%20for%20macOS%2011%20Big%20Sur%20on%20its%20release%20day.%20It%20also%20ensures%20that%20Microsoft%20Defender%20ATP%20for%20Mac%20continues%20protecting%20all%20macOS%20devices%20immediately%20post-upgrade%20to%20Big%20Sur.%20The%20new%20remote%20configuration%20is%20supplemental%20to%20any%20prior%20Microsoft%20Defender%20ATP%20for%20Mac%20configuration%20and%20will%20have%20no%20adverse%20effect%20on%20devices%20that%20still%20run%20the%20kernel%20extension-based%20version.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20invite%20you%20to%20monitor%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmac-whatsnew%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat's%20new%20in%20Microsoft%20Defender%20ATP%20for%20Mac%20page%3C%2FA%3E%20for%20upcoming%20announcements%20(including%20general%20availability%20of%20the%20system%20extensions-based%20update).%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20welcome%20your%20feedback%20and%20look%20forward%20to%20hearing%20from%20you!%3C%2FP%3E%0A%3CP%3EYou%20can%20submit%20feedback%20by%20opening%20Microsoft%20Defender%20ATP%20for%20Mac%20on%20your%20device%20and%20navigating%20to%26nbsp%3B%3CEM%3EHelp%20%26gt%3B%20Send%20feedback.%3C%2FEM%3E%26nbsp%3BAnother%20option%20is%20to%20submit%20feedback%20via%26nbsp%3Bthe%20Microsoft%20Defender%20Security%20Center.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%E2%80%99re%20not%20yet%20taking%20advantage%20of%20Microsoft%E2%80%99s%20industry%20leading%20optics%20and%20detection%20capabilities%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fwindows%2Fmicrosoft-defender-atp%3Focid%3Dcx-blog-mmpc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esign%20up%20for%20free%20trial%3C%2FA%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3Eof%20Microsoft%20Defender%20ATP%20today.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3EHelen%20Allas%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3EMicrosoft%20Defender%20ATP%20team%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1608736%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22kextless_blog_4.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F215924i4C0BE9E4A6D6936D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22kextless_blog_4.PNG%22%20alt%3D%22kextless_blog_4.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CDIV%3ET%3CSPAN%3Eo%20ensure%20that%20Microsoft%20Defender%20ATP%20for%20Mac%20evolves%20in%20lock%20step%20with%20the%20macOS%20platform%2C%20public%20preview%20is%20now%20open%20for%20Microsoft%20Defender%20ATP%20for%20Mac%20implementation%20that%20leverages%20the%20new%20system%20extensions%20instead%20of%20kernel%20extensions.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1608736%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ekernel%20extensions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emacos%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esystem%20extensions%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1932832%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1932832%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20you%20be%20releasing%20a%20Apple%20M1%20native%20version%20of%20ATP%2C%20and%20if%20so%20when%3F%26nbsp%3B%20Are%20there%20any%20words%20of%20caution%20for%20installing%20the%20current%20Intel%20version%20on%20an%20M1%2C%20or%20does%20it%20install%20at%20all%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2023952%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2023952%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20We%20are%20currently%20work%20on%20M1%20native%20support.%20it%20will%20be%20ready%20soon.%20For%20now%2C%20M1%20is%20not%20supported.%3C%2FP%3E%0A%3CP%3EWe%20will%20update%20with%20a%20blog%20post%20here%20once%20it%20will%20be%20supported.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2077317%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2077317%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F455211%22%20target%3D%22_blank%22%3E%40Tomer_Hevlin%3C%2FA%3E%26nbsp%3B%2C%20Just%20to%20confirm%20what%20do%20you%20mean%20M1%20is%20not%20supported%20for%20now%3F%20If%20our%20organization%20currently%20has%20M1%20Macs%20can%20they%20not%20run%20MDATP%20until%20M1%20native%20support%20is%20available%3F%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3EMarc%20V%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2168458%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2168458%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20update%20on%20M1%20support%3F%3C%2FP%3E%3CP%3EThe%20WDAV-KEXT%20profile%20we%20normally%20use%20for%20MacOS%2FBig%20Sur%20is%20giving%20an%20error%20(-2016336102%20(No%20error%20code))%2C%20so%20I%20assume%20it's%20still%20not%20supported%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2237735%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2237735%22%20slang%3D%22en-US%22%3E%3CP%3EAlso%20looking%20for%20an%20update%20on%20M1%20-%20We've%20got%20a%20large%20Mac%20fleet%20looking%20to%20move%20from%20Sophos%20to%20Microsoft%20ATP%3B%20this%20is%20a%20showstopper%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2281913%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2281913%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20question%20here%2C%20we%20don't%20have%20a%20large%20Mac%20fleet%2C%20just%20a%20small%20subset%20including%20our%20CEO!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2311349%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2311349%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everybody%2C%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F455211%22%20target%3D%22_blank%22%3E%40Tomer_Hevlin%3C%2FA%3E%26nbsp%3Bdo%20you%20have%20any%20information%20when%20MDATP%20will%20support%20M1%20%3F%3C%2FP%3E%3CP%3EWe%20have%20to%20prepare%20our%20new%20deployment%20and%20M1%20have%20been%20ordered%20%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%40B71AFCCE02F5853FE57A20BD4B04EADD%2Fimages%2Femoticons%2Fcool_40x40.gif%22%20alt%3D%22%3Acool%3A%22%20title%3D%22%3Acool%3A%22%20%2F%3E%3C%2FP%3E%3CP%3EThanks%20you%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2344577%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2344577%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20to%20move%20from%20Symantec%20to%20MDE%2FMSATP%2C%20only%20to%20find%20it%20doesn't'%20work%20on%20the%20new%20macs%20we%20have%20for%20this%20summer.%26nbsp%3B%20%26nbsp%3B%20Big%20black%20eye.%26nbsp%3B%20New%20updates%20seem%20few%20and%20far%20between.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2515865%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2515865%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20news%20on%20an%20ETA%3F%20Looking%20to%20move%20our%20Macs%20into%20the%20Defender%20ecosystem%2C%20but%20we%20cannot%20as%20long%20as%20M1%20hardware%20%2F%20system%20extensions%20are%20not%20there.%3C%2FP%3E%3CP%3EYou%20can%20run%20MDATP%20through%20Rosetta%2C%20but%20there%20are%20already%20malware%20toolkits%20targeting%20M1%20specifically%20so%20it's%20too%20big%20of%20a%20risk%20for%20us%20to%20leave%20it%20at%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOtherwise%20we%20would%20be%20looking%20to%20continue%20current%20anti-malware%20solutions%20and%20re-evaluate%20at%20a%20later%20time.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2640011%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Defender%20ATP%20for%20Mac%20is%20moving%20to%20system%20extensions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2640011%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F455211%22%20target%3D%22_blank%22%3E%40Tomer_Hevlin%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F346107%22%20target%3D%22_blank%22%3E%40Helen_Allas%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhere%20are%20we%20on%20the%20M1%20support%3F%20Any%20updates%20on%20progress%3F%3C%2FP%3E%3CP%3EAny%20updates%20would%20be%20appreciated.%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Nov 05 2020 04:14 PM
Updated by: