Microsoft Defender Compliance Pack (macOS)

Work in progress. Check back tomorrow (Feb 15) and we hope you will attend the Roadshow.

Description

This will be a guide to take FileWave usage one major step further than simply installing an application like Microsoft Defender. In this article you will see how to use Custom Fields, Smart Groups, Filesets, and Grafana to report on the status of your fleet. You can apply these ideas to other software solutions where you need to know if they are working, and to potentially fix them.

Ingredients

• FileWave Central

• Microsoft Defender Recipe (macOS)

• Defender Custom Fields.customfields
• Defender Update Defs (macOS).fileset.zip
• Defender Run Scan (macOS).fileset.zip

The Problem

You are managing hundreds or thousands of macOS or Windows devices, and need to understand if your environment is secure. Today you have been told to deploy Microsoft Defender and to provide reporting to your CISO demonstrating that you have Anti-Malware protection in place, and that it is operating correctly.​

• What kind of installers are used?​

• How can the install be performed silently? Fileset Magic needed?​

• What is the deadline to have the product deployed?​

• Will it replace another product?​

• MacOS, Windows or both?​

Get started with this like any other deployment project:​

• Ask the vendor for installation documentation - but FileWave may also post some examples;

• Create a reverse timeline. Start small.​

• Search the Internet for how others have reported on that product because FileWave can do anything scriptable.

Test and Verify:

• Test. Test. Verify and then test again. ​
• Deploy to 1 machine, then expand in growing waves so that you can stay ahead of issues.​​
• Do you have an Early Adopters group of users who give feedback and are forgiving?​

Deployment

The macOS side is often complicated by privacy controls, but TCC Profiles can help.​ These can either grant permission to an app or can give a non-Admin user permission to allow what is needed. Screen Recording used by TeamViewer is an example of the latter. 

For the Deployment phase see this article on installation: Microsoft Defender Recipe (macOS)​

Reporting

 

Remediation

 

Dashboards

 

Related Content

• Microsoft Defender Recipe (macOS)
• Microsoft Defender Recipe (Win)
• Microsoft Defender Compliance Pack (Win)