Similar to Windows devices, Defender for Endpoint can be deployed to macOS devices using Intune, local scripts and commands, third-party software deployment tools that leverage the Microsoft-provided packaging, or direct user download and activation. The deployment method for MDE will depend largely on what technologies are currently in use to manage devices.
For devices that have already been enrolled in Intune, you can use the following process to deploy MDE for macOS:
- Navigate to the Microsoft 365 Defender portal (https://security.microsoft.com), select Settings, and then select Endpoints.
- Under Device management in the middle pane, select Onboarding.
- In the details pane, under the Select operating system to start onboarding process dropdown, select macOS.
- To download the onboarding package for Intune, select Mobile Device Management / Microsoft Intune under Deployment method and then select Download onboarding package. The browser will begin downloading WindowsDefenderATPOnboardingPackage.zip. See Figure 9.20:

Figure 9.20 – Downloading the onboarding package for macOS
Other Methods
You can also download the installation media for a single device by selecting Download installation package.
- Extract the downloaded ZIP file to a temporary location, such as C:\Intune\macOS.
Next, you’ll create the configuration profiles necessary to support macOS deployment.
Onboarding a Configuration Profile
This configuration profile provides the basic information for MDE, including licensing and reporting information:
- Navigate to the Intune admin center (https://endpoint.microsoft.com) and select Devices. In the Policy section, select Configuration profiles. See Figure 9.21:

Figure 9.21 – Setting up a new configuration profile
- Click Create profile.
- On the Create a profile flyout, under Platform, select macOS. Under Profile type, select Templates.
- Under Template name, select Custom. Click Create.
- On the Basics tab, enter a name and description and click Next.
- On the Configuration settings tab, enter a Custom configuration profile name to identify this configuration.
- Under Deployment channel, select Device channel.
- Under Configuration profile name, click the folder icon and browse to the folder containing the extracted onboarding package ZIP file. Select the Intune subfolder and then select the WindowsDefenderATPOnboarding.xml file, as shown in Figure 9.22:

Figure 9.22 – Configuration settings tab
- Click Next.
- On the Assignments tab, under Included Groups, choose to add groups containing devices that will be in scope for the policy.
- Click Next.
- On the Review + create tab, verify the settings and click Create.
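Before uploading the profile, the downloaded package can be checked offline. The following is an added example, not code from the book or from Microsoft: it locates WindowsDefenderATPOnboarding.xml in the package's Intune subfolder, confirms that it parses as a property list, and reports the payload types it carries along with a SHA-256 of the file for the change record. It assumes the XML is a standard Apple configuration profile property list; the sample package and its `com.example.constructed` payload type are constructed placeholders.

```python
import hashlib
import io
import plistlib
import zipfile

PROFILE = "intune/windowsdefenderatponboarding.xml"  # path from the steps above, lower-cased

def payload_types(node):
    """Collect every PayloadType string found anywhere in a parsed profile."""
    found = []
    if isinstance(node, dict):
        if isinstance(node.get("PayloadType"), str):
            found.append(node["PayloadType"])
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found.extend(payload_types(child))
    return found

def inspect_package(zip_source):
    """Locate, parse and fingerprint the onboarding profile in the package."""
    with zipfile.ZipFile(zip_source) as zf:
        names = {n: "/" + n.replace("\\", "/").lower() for n in zf.namelist()}
        hits = [n for n, p in names.items() if p.endswith("/" + PROFILE)]
        if len(hits) != 1:
            raise ValueError(f"expected one {PROFILE} in the archive, found {hits}")
        data = zf.read(hits[0])
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a property list
        raise ValueError(f"{hits[0]} is not a valid property list: {exc}") from exc
    return {"member": hits[0],
            "sha256": hashlib.sha256(data).hexdigest(),
            "payload_types": payload_types(profile)}

def build_sample_zip():
    """Constructed stand-in for the downloaded package (placeholder values only)."""
    profile = {"PayloadType": "Configuration",
               "PayloadContent": [{"PayloadType": "com.example.constructed"}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Intune/WindowsDefenderATPOnboarding.xml", plistlib.dumps(profile))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Replace build_sample_zip() with the path to the real downloaded ZIP.
    for key, value in inspect_package(build_sample_zip()).items():
        print(f"{key}: {value}")
```

Recording the reported hash alongside the Intune profile makes it possible to confirm later which onboarding file was actually deployed.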
Next, you’ll create the extension settings.