Zehadi Alam
The following section demonstrates the process of deploying and configuring settings to onboard Mac devices to Microsoft Defender for Endpoint using Intune. To onboard Windows devices using Intune, see the following article: https://uga.teamdynamix.com/TDClient/3159/KB/KB/ArticleDet?ID=161684
Procedure
1. Download the following mobileconfig files from Microsoft's GitHub repository:
netfilter.mobileconfig
sysext.mobileconfig
fulldisk.mobileconfig
background_services.mobileconfig
notif.mobileconfig
accessibility.mobileconfig
bluetooth.mobileconfig
AutoUpdate2.mobileconfig
2. Navigate to Devices → macOS → Configuration Profiles and create a new policy with the platform set to macOS and the profile type set to Templates.

3. Select Custom for the template and click Create.

4. After entering a name and description of the policy, continue to the Configuration settings and set the custom configuration profile name as NetFilter-prod-macOS-Default-MDE and the deployment channel to Device channel. Upload the netfilter.mobileconfig file.
Note: The profile name can be anything, but we are using the following name since it aligns with the naming convention used in Microsoft's examples.

5. Click Next and ensure that your scope tag is selected and assign the policy to your device group(s).
6. Complete steps 6-9 for each additional .mobileconfig file. The custom configuration profile names can be set to anything, but the following are suggestions based on the naming convention used in Microsoft's examples.
| Mobileconfig file | Profile name |
| --- | --- |
| sysext.mobileconfig | sysext-prod-macOS-Default-MDE |
| fulldisk.mobileconfig | fulldisk-prod-macOS-Default-MDE |
| background_services.mobileconfig | backgroundservices-prod-macOS-Default-MDE |
| notif.mobileconfig | notif-prod-macOS-Default-MDE |
| accessibility.mobileconfig | accessibility-prod-macOS-Default-MDE |
| bluetooth.mobileconfig | bluetooth-prod-macOS-Default-MDE |
| AutoUpdate2.mobileconfig | autoupdate2-prod-macOS-Default-MDE |
7. Download the Defender for Endpoint onboarding package from the DNL SharePoint. Only the WindowsDefenderATPOnboardingPackage.zip file is needed.

8. Extract the zip file and navigate to the intune folder. Deploy the WindowsDefenderATPOnboarding.xml file using the procedure from steps 6-9. The kext.xml file is not needed.

At this time, you should have 9 separate configuration profiles for Defender.

9. Navigate to Apps → macOS. Click on +Add and select the Microsoft Defender for Endpoint app. Follow the app deployment wizard to deploy the app to your device group(s).


If all previous steps have been properly completed, the installation and licensing process will occur seamlessly on the targeted devices. Upon launching the Defender app on Macs, it will appear as follows.

In the Defender portal, the device appears as follows.
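
A pre-upload check for the files named in steps 1, 4 and 6, as an added example that is not part of the original article or of Microsoft's repository: it confirms that each of the eight downloaded files is present and parses as an unsigned configuration-profile plist, and pairs it with the suggested Intune profile name. The function names and the download directory argument are assumptions, and the structure checks follow the general Apple configuration-profile layout rather than anything specific to Defender.

```python
import plistlib
from pathlib import Path

# File -> suggested Intune profile name, copied from steps 4 and 6 above.
EXPECTED = {
    "netfilter.mobileconfig": "NetFilter-prod-macOS-Default-MDE",
    "sysext.mobileconfig": "sysext-prod-macOS-Default-MDE",
    "fulldisk.mobileconfig": "fulldisk-prod-macOS-Default-MDE",
    "background_services.mobileconfig": "backgroundservices-prod-macOS-Default-MDE",
    "notif.mobileconfig": "notif-prod-macOS-Default-MDE",
    "accessibility.mobileconfig": "accessibility-prod-macOS-Default-MDE",
    "bluetooth.mobileconfig": "bluetooth-prod-macOS-Default-MDE",
    "AutoUpdate2.mobileconfig": "autoupdate2-prod-macOS-Default-MDE",
}

def check_profile(path):
    """Return (ok, detail) for one downloaded .mobileconfig file."""
    if not path.is_file():
        return False, "missing"
    try:
        with path.open("rb") as fh:
            doc = plistlib.load(fh)
    except Exception as exc:  # HTML error page, truncated download, signed (CMS) profile
        return False, f"not a plain plist: {exc.__class__.__name__}"
    if not isinstance(doc, dict) or doc.get("PayloadType") != "Configuration":
        return False, "top-level PayloadType is not 'Configuration'"
    payloads = doc.get("PayloadContent")
    if not isinstance(payloads, list) or not payloads:
        return False, "PayloadContent is empty"
    types = sorted({p.get("PayloadType", "?") for p in payloads if isinstance(p, dict)})
    return True, "payloads: " + ", ".join(types)

def audit(download_dir):
    """Map each expected file to (suggested profile name, ok, detail)."""
    base = Path(download_dir)
    return {name: (profile, *check_profile(base / name))
            for name, profile in EXPECTED.items()}

if __name__ == "__main__":
    import sys
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, (profile, ok, detail) in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name} -> {profile} ({detail})")
    sys.exit(0 if all(ok for _, ok, _ in results.values()) else 1)
```

Run it with the download folder as the only argument; a non-zero exit status means at least one file should be downloaded again before it is uploaded to Intune.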
