
Microsoft Defender Recipe

Description

Example recipe for deploying Microsoft Defender.

Ingredients

The list is actually quite extensive, due to the necessary payloads:

  • Microsoft Defender PKG
  • Deployment Script: MicrosoftDefenderATPOnboardingMacOs.sh
  • The Fileset provided below
  • Profiles for:
    • Web Content Filter
    • TCC allowances
    • Notifications
    • Data Acceptance & Autoupdater
    • System and Kernel Extensions

The Microsoft Defender PKG and deployment script are available through the M365 Defender portal; details are in the Microsoft Deployment KB.

Microsoft builds 'MicrosoftDefenderATPOnboardingMacOs.sh' with the appropriate licence code embedded in the script, so the download is specific to the account that is logged in when downloading:

    <key>OrgId</key>
    <string>[licence code here]</string>

The 'OnboardingInfo' key also has this code burnt into its value.
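
Because the script is tied to one organisation, it is worth confirming which OrgId a downloaded copy carries before it goes into the Fileset. The check below is an added example, not part of the original recipe or Microsoft's script; it assumes the OrgId key and string layout shown above, and the function names and sample content are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which organisation an onboarding script was built for
# before pasting it into the Fileset. Function names are hypothetical; the
# layout (<key>OrgId</key> followed by a <string> value) is assumed from this page.

# Print the OrgId embedded in the file "$1"; exit status 1 if none is found.
extract_org_id() {
    awk '
        /<key>OrgId<\/key>/ { want = 1 }
        want && match($0, /<string>[^<]*<\/string>/) {
            # strip the 8-char <string> and 9-char </string> wrappers
            print substr($0, RSTART + 8, RLENGTH - 17)
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Returns 0 = OrgId matches "$2", 1 = script belongs to another organisation,
# 2 = no usable OrgId (missing, empty, or still the [placeholder]).
check_onboarding_script() {
    org_id=$(extract_org_id "$1") || return 2
    case $org_id in
        '' | '['*) return 2 ;;
    esac
    [ "$(lower "$org_id")" = "$(lower "$2")" ] && return 0
    return 1
}

# Write a constructed stand-in for the downloaded script to "$1" with OrgId "$2".
write_sample_script() {
    cat > "$1" <<EOF
#!/bin/bash
# constructed sample, not Microsoft's script
    <key>OnboardingInfo</key>
    <string>constructed-value-containing-$2</string>
    <key>OrgId</key>
    <string>$2</string>
EOF
}

sample=$(mktemp)
write_sample_script "$sample" "example-org-id-0001"
check_onboarding_script "$sample" "EXAMPLE-ORG-ID-0001" && echo "OrgId matches"
check_onboarding_script "$sample" "some-other-org" || echo "mismatch or missing: rc=$?"
rm -f "$sample"
```

Run against the real download, pass the path of the script and the OrgId you expect for your tenant; a return code of 1 means the script was generated for a different account and should not be deployed.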

Directions

Download all of the Filesets provided above.  Note that the Kernel Extension should only be required for legacy devices.

Fileset Group

Create a Fileset Group in which to add each of these.


Installer: 'wdav.pkg'

The 'Microsoft Defender Installer macOS' Fileset requires the downloaded PKG.  Open the Fileset and drag the PKG into the same location as the '.placeholder' file; this placeholder file may be deleted.


Script: MicrosoftDefenderATPOnboardingMacOs.sh

Edit the text of the provided 'MicrosoftDefenderATPOnboardingMacOs.sh' file within the Fileset and paste in a copy of the script contents downloaded from Microsoft.

Profile Payload Values

The Profiles that manage the AutoUpdater and Notifications are configured with default values; consider confirming the desired internal process and adjusting them as required.

The 'AcknowledgedDataCollectionPolicy' key prevents a user notification pop-up from showing.  The recommendation is to leave this value as set.

All other profile payload values should be correct at the time of writing; however, Microsoft may make changes over time which could require alteration of one or more of these.

Details pertaining to the contents of the payloads may be viewed in Microsoft's Defender Policies documentation; scroll down past the initial unnecessary information until you reach Step 4.

Assign to Devices

By way of either a 'Deployment' or 'Association' within FileWave, assign the Fileset to one or more test devices and, once satisfied, expand this to more devices.

Additional Information

The requirement script within the Installer Fileset is designed to ensure all profiles are in place before downloading and commencing with the installation.