In the Administration workspace, click Client Settings. On the Home tab, in the Create group, click Create Custom Client Device Settings. In the Create Custom Client Device Settings dialog box, provide a name and a description for the group of settings, and then select Endpoint Protection. Jun 27, 2012  To do this, click the System Center Endpoint Protection for Mac icon in the menu bar, and then click Open System Center 2012 Endpoint Protection. Click Activate advanced mode. Click Setup, click Antivirus and antispyware, and then click Disable. Nov 27, 2016  Looking online at Microsoft it appears that the Mac and Linux client support for SCEP 2012 was a separate add-on provided later than the original release and delivered through the Volume Licensing Center rather than the main support channel for SCEP itself.

1. Microsoft Endpoint Protection Windows 10
2. Microsoft Endpoint Protection Mac Client Free
3. Microsoft Forefront

-->

This version of Windows Defender or Endpoint Protection includes the following features to help protect your computer from threats: Windows Firewall integration. Endpoint Protection setup enables you to turn on or off Windows Firewall. Network Inspection System. Mar 20, 2020 Download the Mac client msi file to a Windows system; Run the msi and it will create a dmg file under the default location “C: Program Files Microsoft System Center Configuration Manager for Mac client ” on the Windows system; Copy the dmg file to a network share or a folder on a Mac computer. Microsoft recently announced end of support for their Mac and Linux anti-virus (AV) product called Security Center Endpoint Protection or more commonly SCEP. Specifically, the Microsoft Tech Community announcement stated the following: End of Support for SCEP for Mac and SCEP for Linux on December 31, 2018.

Applies to: Configuration Manager (current branch)

Endpoint Protection can help manage and monitor Microsoft Defender Advanced Threat Protection (ATP) (formerly known as Windows Defender ATP). Microsoft Defender ATP helps enterprises detect, investigate, and respond to advanced attacks on their networks. Configuration Manager policies can help you onboard and monitor Windows 10 clients.

Microsoft Defender ATP is a service in the Windows Defender Security Center. By adding and deploying a client onboarding configuration file, Configuration Manager can monitor deployment status and Microsoft Defender ATP agent health. Microsoft Defender ATP is supported on PCs running the Configuration Manager client or managed by Microsoft Intune.

Prerequisites

• Subscription to the Microsoft Defender Advanced Threat Protection online service
• Clients computers running the Configuration Manager client
• Clients using an OS listed in the Supported client operating systems section below.

Supported client operating systems

Based on the version of Configuration Manager you're running, the following client operating systems can be onboarded:

Configuration Manager version 1910 and prior

• Clients computers running Windows 10, version 1607 and later

Configuration Manager version 2002 and later

• Windows 7 SP1
• Windows 8.1
• Windows 10, version 1607 or later
• Windows Server 2008 R2 SP1
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2016, version 1803
• Windows Server 2019

Create an onboarding configuration file

1. Go to the Microsoft Defender ATP online service and sign in.
2. Select Machine Management under Settings, and then select Onboarding.
3. Select the operating systems you'd like to onboard from the list.
   • If you're onboarding Windows 10, Windows Server 1803, and Windows Server 2019:
     1. Select Configuration Manager (current branch) version 1606 and select Download package.
     2. Download the compressed archive (.zip) file and extract the contents.
   • If you're onboarding another Windows operating system:
     1. Select the operating systems you'd like to onboard from the list. For example, choose either Windows 7 and 8.1 or Windows Server 2008 R2 SP1, 2012 R2 and 2016.
     2. Copy the values for the Workspace key and Workspace ID from the Configure connection section once the process completes.

Important

The Microsoft Defender ATP configuration file contains sensitive information which should be kept secure.

Onboard devices

1. In the Configuration Manager console, navigate to Assets and Compliance > Endpoint Protection > Windows Defender ATP Policies and select Create Windows Defender ATP Policy. The Microsoft Defender ATP Policy Wizard opens.

2. Type the Name and Description for the Microsoft Defender ATP policy and select Onboarding.

3. Browse to the Configuration file provided by your organization's Microsoft Defender ATP cloud service tenant.

   • For Windows 7 and 8.1 or Windows Server 2008 R2 SP1, 2012 R2 and 2016, provide the Workspace key and Workspace ID.

4. Specify the file samples that are collected and shared from managed devices for analysis.

   • None

   • All file types

5. Review the summary and complete the wizard.

Select Deploy to target the Microsoft Defender ATP policy to clients.

Monitor

1. In the Configuration Manager console, navigate Monitoring > Security and then select Windows Defender ATP.

2. Review the Microsoft Defender Advanced Threat Protection dashboard.

   • Windows Defender Agent Deployment Status: The number and percentage of eligible managed client computers with active Microsoft Defender ATP policy onboarded

   • Windows Defender ATP Agent Health: Percentage of computer clients reporting status for their Microsoft Defender ATP agent

     • Healthy - Working properly

       (You would have the opportunity to download individual files on the 'Thank you for downloading' page after completing your download.). Files larger than 1 GB may take much longer to download and might not download correctly. You might not be able to pause the active downloads or resume downloads that have failed.The Microsoft Download Manager solves these potential problems.

     • Inactive - No data sent to service during time period

     • Agent state - The system service for the agent in Windows isn't running

     • Not onboarded - Policy was applied but the agent hasn't reported policy onboard

Create an offboarding configuration file

1. Sign in to the Microsoft Defender ATP online service.

2. Select Machine Management under Settings, and then select Onboarding.

3. Select Configuration Manager (current branch) version 1606 and select Endpoint offboarding.

4. Download the compressed archive (.zip) file and extract the contents. Offboarding files are valid for 30 days.

5. In the Configuration Manager console, navigate to Assets and Compliance > Endpoint Protection > Windows Defender ATP Policies and select Create Windows Defender ATP Policy. The Microsoft Defender ATP Policy Wizard opens.

6. Type the Name and Description for the Microsoft Defender ATP policy and select Offboarding.

7. Browse to the Configuration file provided by your organization's Microsoft Defender ATP cloud service tenant.

8. Review the summary and complete the wizard.

Select Deploy to target the Microsoft Defender ATP policy to clients.

Important

The Microsoft Defender ATP configuration files contains sensitive information which should be kept secure.

Next steps

-->

This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.

Caution

Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in Passive mode.

What’s new in the latest release

Tip

If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback.

To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac machines), configure your macOS machine running Microsoft Defender ATP to be an 'Insider' machine. See Enable Microsoft Defender ATP Insider Machine.

How to install Microsoft Defender ATP for Mac

Prerequisites

• A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
• Beginner-level experience in macOS and BASH scripting
• Administrative privileges on the device (in case of manual deployment)

Installation instructions

There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.

• Third-party management tools:

• Command-line tool:

System requirements

The three most recent major releases of macOS are supported.

• 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
• Disk space: 650 MB

Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.

After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.

Network connections

The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

Service location	DNS record
Common URLs for all locations	x.cp.wd.microsoft.com cdn.x.cp.wd.microsoft.com eu-cdn.x.cp.wd.microsoft.com wu-cdn.x.cp.wd.microsoft.com officecdn-microsoft-com.akamaized.net crl.microsoft.com events.data.microsoft.com
European Union	europe.x.cp.wd.microsoft.com eu-v20.events.data.microsoft.com usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net
United Kingdom	unitedkingdom.x.cp.wd.microsoft.com uk-v20.events.data.microsoft.com ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net
United States	unitedstates.x.cp.wd.microsoft.com us-v20.events.data.microsoft.com ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net

Microsoft Defender ATP can discover a proxy server by using the following discovery methods:

• Web Proxy Auto-discovery Protocol (WPAD)
• Manual static proxy configuration

If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.

To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.

If you prefer the command line, you can also check the connection by running the following command in Terminal:

The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report

OK https://cdn.x.cp.wd.microsoft.com/ping

Caution

We recommend that you keep System Integrity Protection (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

Microsoft Endpoint Protection Windows 10

Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:

How to update Microsoft Defender ATP for Mac

Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender ATP for Mac

How to configure Microsoft Defender ATP for Mac

Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Mac.

macOS kernel and system extensions

In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit What's new in Microsoft Defender Advanced Threat Protection for Mac for relevant details.

Microsoft Endpoint Protection Mac Client Free

Resources

Microsoft Forefront

• For more information about logging, uninstalling, or other topics, see the Resources page.