Antivirus For Mac Server


Important

Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.

Caution

Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in Passive mode.

What's new in the latest release

Tip

If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback.

To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an 'Insider' device. See Enable Microsoft Defender ATP Insider Device.

How to install Microsoft Defender ATP for Mac

Prerequisites

  • A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
  • Beginner-level experience in macOS and BASH scripting
  • Administrative privileges on the device (in case of manual deployment)

Installation instructions

There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.

  • Third-party management tools:

  • Command-line tool:

System requirements

The three most recent major releases of macOS are supported.

  • 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
  • Disk space: 1GB

Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.

After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.

Licensing requirements

Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers:

  • Microsoft 365 E5 (M365 E5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 (M365 A5)

Note

Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.

Network connections

The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

Spreadsheet of domains list: Spreadsheet of specific DNS records for service locations, geographic locations, and OS. Download the spreadsheet here.

Microsoft Defender ATP can discover a proxy server by using the following discovery methods:

  • Proxy autoconfig (PAC)
  • Web Proxy Autodiscovery Protocol (WPAD)
  • Manual static proxy configuration

If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.

Warning

Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.

SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.

To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.

If you prefer the command line, you can also check the connection by running the following command in Terminal:

The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report

OK https://cdn.x.cp.wd.microsoft.com/ping
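
The command itself is missing from this page. As an added example (not the command from the original documentation), the Python sketch below requests the same two URLs, prints lines in the same "OK <url>" form, and maps failures onto the causes named above: blocked traffic, an authenticated proxy, or SSL inspection. The status labels are this example's own, and treating a body of "OK" as healthy is an assumption taken from the sample output.

```python
import ssl
import urllib.error
import urllib.request

# The two test URLs given on this page.
TEST_URLS = (
    "https://x.cp.wd.microsoft.com/api/report",
    "https://cdn.x.cp.wd.microsoft.com/ping",
)


def fetch(url, timeout=10):
    """Return (status, first bytes of body) with default certificate verification.

    urllib honours static proxy settings only; it does not evaluate PAC or WPAD.
    """
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read(64).decode("ascii", "replace")


def classify(url, fetcher=fetch):
    """Map one request outcome onto the failure causes this page names.

    The status labels are this example's own, not product output.
    """
    try:
        status, body = fetcher(url)
    except urllib.error.HTTPError as exc:
        # 407: the proxy demands credentials (authenticated proxy, unsupported).
        return "AUTH_PROXY" if exc.code == 407 else "HTTP_%d" % exc.code
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            # Untrusted certificate chain: typical of SSL inspection on the path.
            return "TLS_VERIFY_FAILED"
        if "407" in str(exc.reason):
            # A refused CONNECT tunnel carries the proxy status in the message.
            return "AUTH_PROXY"
        return "BLOCKED"
    except OSError:
        return "BLOCKED"  # timeout or reset while reading the response
    # Assumption from the sample output above: a healthy endpoint answers "OK".
    if status == 200 and body.strip().startswith("OK"):
        return "OK"
    return "UNEXPECTED_RESPONSE"  # e.g. a filter's block page served with 200


def check_all(urls=TEST_URLS, fetcher=fetch):
    """Return one '<STATUS> <url>' line per URL, like the output shown above."""
    return ["%s %s" % (classify(u, fetcher), u) for u in urls]


if __name__ == "__main__":
    print("\n".join(check_all()))
```

An OK result here only shows that the path is open for this client. An inspection proxy whose certificate is trusted by the system store passes this check, yet the page states the product will still not accept interception.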

Caution

We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:

How to update Microsoft Defender ATP for Mac

Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender ATP for Mac.

How to configure Microsoft Defender ATP for Mac

Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Mac.

macOS kernel and system extensions

In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit What's new in Microsoft Defender Advanced Threat Protection for Mac for relevant details.

Resources

  • For more information about logging, uninstalling, or other topics, see the Resources page.

Intune Endpoint security Antivirus policies can help security admins focus on managing the discrete group of antivirus settings for managed devices. To use Antivirus policy, integrate Intune with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) as a Mobile Threat Defense solution.

Antivirus policy includes several profiles. Each profile contains only the settings that are relevant for Microsoft Defender ATP antivirus for macOS, Windows 10, or for the user experience in the Windows Security app on Windows 10 devices.

You'll find the antivirus policies under Manage in the Endpoint security node of the Microsoft Endpoint Manager admin center.

Antivirus policies include the same settings as endpoint protection or device restriction profiles for device configuration policy and are similar to settings from device compliance policy. However, those policy types include additional categories of settings that are unrelated to Antivirus. The additional settings can complicate the task of configuring Antivirus. Additionally, the settings found in the Antivirus policy for macOS aren't available through the other policy types. The macOS Antivirus profile replaces the need to configure the settings by using .plist files.

Prerequisites for antivirus policy

General:

  • macOS

    • Any supported version of macOS
    • For Intune to manage antivirus settings on a device, Microsoft Defender ATP must be installed on that device. See Microsoft Defender ATP for macOS (in the Microsoft Defender ATP documentation).
  • Windows 10 and later

    • No additional prerequisites are required.

Support for Configuration Manager clients:

This scenario is in preview and requires use of Configuration Manager current branch version 2006 or later.

  • Set up tenant attach for Configuration Manager devices - To support deploying antivirus policy to devices managed by Configuration Manager, configure tenant attach. Set up of tenant attach includes configuring Configuration Manager device collections to support endpoint security policies from Intune.

    To set up tenant attach, see Configure tenant attach to support endpoint protection policies.

Prerequisites for tamper protection

You can use Intune to manage tamper protection on Windows devices as part of Antivirus policy. This includes both devices you manage with Intune, and devices you manage with Configuration Manager through the tenant attach scenario.

Intune managed devices

Prerequisites to support tamper protection for devices managed by Intune:

  • Your environment must meet the prerequisites for managing tamper protection with Intune as detailed in the Windows documentation.

Profiles for Antivirus policy that support tamper protection for devices managed by Intune:

  • Platform: Windows 10 and later
    • Profile: Windows Security experience

You can also use the Endpoint protection profile for Device configuration policy to configure tamper protection for devices managed by Intune.

Configuration Manager clients managed through the tenant attach scenario

Prerequisites to support managing tamper protection with these profiles:

  • Your environment must meet the prerequisites for managing tamper protection with Intune as detailed in the Windows documentation.
  • You must use Configuration Manager current branch 2006 or later.
  • You must configure tenant attach to support endpoint protection policies. This includes configuring Configuration Manager device collections for synchronization with Intune.

Profiles for Antivirus policy that support tamper protection for devices managed by Configuration Manager:

  • Platform: Windows 10 and Windows Server (ConfigMgr)
    • Profile: Windows Security experience (preview)

Antivirus profiles

Devices managed by Intune

The following profiles are supported for devices you manage with Intune:

macOS:

  • Platform: macOS

    • Profile: Antivirus - Manage Antivirus policy settings for macOS.

      When you use Microsoft Defender ATP for Mac, you can configure and deploy Antivirus settings to your managed macOS devices through Intune instead of configuring those settings by use of .plist files.

Windows 10:

  • Platform: Windows 10 profiles

    • Profile: Microsoft Defender Antivirus - Manage Antivirus policy settings for Windows 10.

      Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together technologies like machine learning and cloud infrastructure to protect devices in your enterprise organization.

      The Microsoft Defender Antivirus profile is a separate instance of the antivirus settings that are found in the Device Restriction profile for Device Configuration policy.

      Unlike the antivirus settings in a Device Restriction profile, you can use these settings with devices that are co-managed. To use these settings, the co-management workload slider for Endpoint Protection must be set to Intune.

    • Profile: Microsoft Defender Antivirus exclusions - Manage policy settings for only Antivirus exclusions.

      With this policy, you can manage settings for the following Microsoft Defender Antivirus configuration service providers (CSPs) that define Antivirus exclusions:

      • Defender/ExcludedPaths
      • Defender/ExcludedExtensions
      • Defender/ExcludedProcesses

      These CSPs for antivirus exclusion are also managed by Microsoft Defender Antivirus policy, which includes identical settings for exclusions. Settings from both policy types (Antivirus and Antivirus exclusions) are subject to policy merge, and create a super set of exclusions for applicable devices and users.

    • Profile: Windows Security experience - Manage the Windows Security app settings that end users can view in the Microsoft Defender Security center and the notifications they receive.

      The Windows security app is used by a number of Windows security features to provide notifications about the health and security of the machine. Security app notifications include firewalls, antivirus products, Windows Defender SmartScreen, and others.

Devices managed by Configuration Manager

Antivirus

Support for devices managed by Configuration Manager is in Preview.

Manage Antivirus settings for Configuration Manager devices, when you use tenant attach.

Policy path:

  • Endpoint security > Antivirus > Windows 10 and Windows Server (ConfigMgr)

Profiles:

  • Microsoft Defender Antivirus (preview)
  • Windows Security experience (preview)

Required version of Configuration Manager:

  • Configuration Manager current branch version 2006 or later

Supported Configuration Manager device platforms:

  • Windows 10 and later (x86, x64, ARM64)
  • Windows Server 2019 and later (x64)
  • Windows Server 2016 (x64)

Policy merge for settings


Some Antivirus policy settings support policy merge. Policy merge helps avoid conflicts when multiple policies apply to the same devices and configure the same setting. Intune evaluates the settings that policy merge supports, for each user or device as taken from all applicable policies. Those settings are then merged into a single superset of policy.

For example, you create three separate antivirus policies that define different antivirus file path exclusions. Eventually, all three policies are assigned to the same user. Because the Microsoft Defender file path exclusion CSP supports policy merge, Intune evaluates and combines the file exclusions from all applicable policies for the user. The exclusions are added to a superset and the single list of exclusions is delivered to the user's device.

When policy merge isn't supported for a setting, a conflict can occur. Conflicts can result in the user or device not receiving any policy for the setting. For example, policy merge doesn't support the CSP for preventing installation of matching device IDs (PreventInstallationOfMatchingDeviceIDs). Configurations for this CSP don't merge, and are processed separately.

When processed separately, policy conflicts are resolved as follows:

  1. The most secure policy applies.
  2. If two policies are equally secure, the last modified policy applies.
  3. If the last modified policy can't resolve the conflict, no policy is delivered to the device.

Settings and CSPs that support policy merge

The following settings support policy merge:

  • Defender Processes To Exclude - CSP: Defender/ExcludedProcesses
  • File extensions to exclude from scans and real-time protection - CSP: Defender/ExcludedExtensions
  • Defender Files And Folders To Exclude - CSP: Defender/ExcludedPaths
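
The merge and conflict rules above, modelled as an added Python example (a sketch for auditing policy sets, not Intune's implementation). The policy records are constructed, "Example/ScanLevel" is a hypothetical non-merging setting, and the security ranking is supplied by the caller because the page does not say how Intune ranks values.

```python
from datetime import date

# CSPs this page lists as supporting policy merge.
MERGEABLE = frozenset({
    "Defender/ExcludedPaths",
    "Defender/ExcludedExtensions",
    "Defender/ExcludedProcesses",
})


def merge_exclusions(policies):
    """Build the superset of mergeable exclusions, remembering who added what.

    Returns {csp: {value: [names of policies that contributed it]}}.
    """
    merged = {}
    for pol in policies:
        for csp, values in pol["settings"].items():
            if csp in MERGEABLE:
                for value in values:
                    merged.setdefault(csp, {}).setdefault(value, []).append(pol["name"])
    return merged


def resolve_conflict(policies, setting, security_rank):
    """Apply the three-step order above to a setting that does not merge.

    security_rank(value) -> int, higher meaning more secure. How Intune ranks
    values is not stated on this page, so the caller supplies it (assumption).
    Returns the winning value, or None when no policy is delivered.
    """
    candidates = [p for p in policies if setting in p["settings"]]
    if not candidates:
        return None
    # 1. The most secure policy applies.
    best = max(security_rank(p["settings"][setting]) for p in candidates)
    top = [p for p in candidates if security_rank(p["settings"][setting]) == best]
    # 2. Among equally secure policies, the last modified one applies.
    newest = max(p["modified"] for p in top)
    latest = {p["settings"][setting] for p in top if p["modified"] == newest}
    # 3. Still ambiguous: nothing is delivered for this setting.
    return latest.pop() if len(latest) == 1 else None


# Constructed sample: three policies assigned to the same user.
# "Example/ScanLevel" is a hypothetical non-merging setting, not a real CSP.
SAMPLE = [
    {"name": "build-servers", "modified": date(2020, 9, 1),
     "settings": {"Defender/ExcludedPaths": ["C:\\Build", "C:\\Temp"],
                  "Example/ScanLevel": "high"}},
    {"name": "helpdesk", "modified": date(2020, 9, 10),
     "settings": {"Defender/ExcludedPaths": ["C:\\Temp"],
                  "Defender/ExcludedExtensions": [".log"],
                  "Example/ScanLevel": "moderate"}},
    {"name": "data-team", "modified": date(2020, 9, 20),
     "settings": {"Defender/ExcludedPaths": ["D:\\Data"],
                  "Example/ScanLevel": "moderate"}},
]
RANK = {"high": 2, "moderate": 1}.get  # assumed ordering for the sample

if __name__ == "__main__":
    for csp, values in sorted(merge_exclusions(SAMPLE).items()):
        for value, sources in sorted(values.items()):
            print("%s: %s (from %s)" % (csp, value, ", ".join(sources)))
    print("Example/ScanLevel ->", resolve_conflict(SAMPLE, "Example/ScanLevel", RANK))
```

Because exclusions merge into a superset, the broadest exclusion in any assigned policy reaches the device; the provenance list shows which policy to review when an unexpected exclusion appears.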

Antivirus policy reports

Antivirus policy reports display status details about your endpoint security Antivirus policies and device status. These reports are available in the Endpoint security node of the Microsoft Endpoint Manager admin center.

To view the reports, in the Microsoft Endpoint Manager admin center, go to Endpoint security and select Antivirus. Selecting Antivirus opens the Summary page. Additional report and status views are available as additional pages.

Summary

On the Summary page, you can create new policies and view a list of the policies that were previously created. The list includes high-level details about the profile that policy includes (Policy Type), and if the policy is assigned.

When you select a policy from the list, the Overview page for that policy instance opens and displays more information. After selecting a tile from this view, Intune displays additional details for that profile if they're available.

Windows 10 unhealthy endpoints

On the Windows 10 unhealthy endpoints page, you can view information about the antivirus status of your MDM-managed Windows 10 devices. This information is returned from Windows Defender Antivirus that runs on the device, as Threat agent status.

Only devices with detected issues appear in this view. This view doesn't display details for devices that are identified as clean.
