macOS compliance policy - how to require antivirus?

%3CLINGO-SUB%20id%3D%22lingo-sub-2184717%22%20slang%3D%22en-US%22%3EmacOS%20compliance%20policy%20-%20how%20to%20require%20antivirus%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2184717%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20a%20fully%20BYOD%20organization%20with%20a%20mix%20of%20Windows%20and%20macOS%20devices.%26nbsp%3B%20%26nbsp%3BOne%20of%20our%20company%20policies%20is%20that%20every%20device%20use%20an%20antivirus%20application.%26nbsp%3B%20Users%20may%20choose%20their%20own%20antivirus%20application%20since%20the%20devices%20are%20BYOD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20Windows%20devices%2C%20this%20is%20easily%20configured%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22mikehimf_0-1614863231600.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F260819iCDD9DDFFBF05F16D%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22mikehimf_0-1614863231600.png%22%20alt%3D%22mikehimf_0-1614863231600.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20there%20is%20no%20equivalent%20option%20for%20macOS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20way%20to%20implement%20this%20type%20of%20policy%20for%20macOS%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2184717%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2184852%22%20slang%3D%22en-US%22%3ERe%3A%20macOS%20compliance%20policy%20-%20how%20to%20require%20antivirus%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2184852%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F986565%22%20target%3D%22_blank%22%3E%40mikehimf%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20does%20look%20like%20there%20is%20no%20Compliance%20policy%20for%20macOS%20to%20demand%20an%20Antivirus%2C%20even%20though%20there%20are%20configuration%20options%20to%20enable%20Defender%20but%20that%20does%20not%20replace%20the%20Compliance%20policy%20requirement%20for%20Conditional%20Access%20policies.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20require%20Antivirus%20for%20macOS%20you%20can%20leverage%20the%20%3CSTRONG%3EEndpoint%20security%20%26gt%3B%20Antivirus%20%26gt%3B%20Crate%20macOS%20Policy%3C%2FSTRONG%3E%20to%20enforce%20Defender%20for%20Endpoint%2C%20see%20docs%20for%20available%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fprotect%2Fantivirus-microsoft-defender-settings-macos%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ESettings%20for%20Microsoft%20Defender%20for%20Endpoint%20for%20Mac%20in%20Microsoft%20Intune%3C%2FA%3E.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20there%20was%20no%20UserVoice%20request%20for%20this%2C%20I%20took%20it%20upon%20myself%20to%20add%20an%20Idea%2C%20requesting%20%3CA%20href%3D%22https%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F42830946-add-defender-support-to-macos-compliance-policy%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EAdd%20Defender%20support%20to%20macOS%20Compliance%20policy%3C%2FA%3E%20so%20it%20would%20be%20possible%20to%20check%20machine%20state%20with%20Conditional%20Access%20policy%2C%20if%20it%20get%20enough%20votes.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

We are a fully BYOD organization with a mix of Windows and macOS devices.   One of our company policies is that every device use an antivirus application.  Users may choose their own antivirus application since the devices are BYOD.

 

For Windows devices, requiring antivirus is easily configured:

mikehimf_0-1614863231600.png

 

However, there is no equivalent option for macOS.

 

Is there way to implement this type of policy for macOS?

 

Thanks.

 

 

2 Replies

Hello @mikehimf 

 

It does look like there is no Compliance policy for macOS to demand an Antivirus, even though there are configuration options to enable Defender but that does not replace the Compliance policy requirement for Conditional Access policies. 

 

To require Antivirus for macOS you can leverage the Endpoint security > Antivirus > Crate macOS Policy to enforce Defender for Endpoint, see docs for available Settings for Microsoft Defender for Endpoint for Mac in Microsoft Intune

 

Since there was no UserVoice request for this, I took it upon myself to add an Idea, requesting Add Defender support to macOS Compliance policy so it would be possible to check machine state with Conditional Access policy, if it get enough votes. 

@Alo Press  Thanks for confirming that, and submitting a UserVoice idea.   I will look into Defender, that may be a good option.