Kernel extension is still being used on macOS 10.15 (Catalina). Starting with macOS 11 (Big Sur), Microsoft Defender for Endpoint has been fully migrated from kernel extension to system extensions.
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender for Endpoint on Mac. How to configure Microsoft Defender for Endpoint on Mac To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.
To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used.
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. How to update Microsoft Defender for Endpoint on Mac Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal: mdatp connectivity test SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default. We recommend that you keep System Integrity Protection (SIP) enabled on client devices. If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed. Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:Įligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices. Support for macOS devices with M1 chip-based processors has been officially supported since version 101.40.84 of the agent.Īfter you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.