Microsoft Defender Recipe (macOS)


Example recipe for deploying Microsoft Defender.


The list is actually quite extensive, due to the necessary payloads:


See below directions for deployment before associating with devices.

Microsoft Defender PKG and deployment script are available through the M365 Defender portal; details in the Microsoft Deployment KB:


The '' is built by Microsoft with the appropriate licence code embedded into the script, such that the download is personal to the logged in account, when downloading.

                <string>[licence code here]</string>

The 'OnboardingInfo' key also has this code burnt into its value.


Download all of the above provided Filesets.  Note the Kernel Extension should only be required for legacy devices.

Fileset Group

Create a Fileset Group in which to add each of these.


Profiles should be installed firsts.  The Installer Fileset has a requirement script to ensure Profiles are installed, before commencing with download and activation of the Installer.

The requirement script is designed to confirm ALL profiles are installed in advance, with the exception of the Kernel Extension, since this is legacy.  The Profile ID of the Kernel Extension may be added to the list within the Fileset.  If this is requirement, but are unsure how to approach this, just ask in either the Discord, Alliance or Slack FileWave forums.  Links available through the 'Resources' of the FileWave Website.

Installer: 'wdav.pkg'

The 'Microsoft Defender Installer macOS' Fileset requires the downloaded PKG.  Open the Fileset and drag the PKG into the same location as the '.placeholder' file; this placeholder file may be deleted.




Edit the text of the provided '' file within the Fileset and paste in a copy of the script contents downloaded from Microsoft: