Microsoft Defender ATP Security for Macs

Microsoft Defender ATP (Advanced Threat Protection) is a program that detects ongoing attacks on corporate networks, blocks any that are malicious, and then provides response recommendations to improve security. Microsoft has made good on a pledge made in March 2019 by announcing that its sophisticated endpoint security service is available for Mac users.

Cybersecurity for Macs

Microsoft Defender ATP for Mac has been moved to what the company calls “general availability” as of June 28 according to Helen Allas, the principal program manager for the enterprise security team. In a July 8 post to a company blog, Allas reported that “with Microsoft Defender ATP for Mac general availability, all Microsoft Defender ATP customers now have an opportunity to start benefiting from integrated experiences across their Windows and macOS clients in Microsoft Defender Security Center.” The core components of Microsoft Defender ATP, which includes the latest “Threat & Vulnerability Management,” serve Macs as well as PCs.

The Microsoft Defender ATP for Mac supports the three latest released versions of macOS: Mojave, High Sierra, and Sierra. Customers can use Microsoft Intune and Jamf to deploy and manage Microsoft Defender ATP for Mac. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft Defender ATP for Mac updates.

There’s still more implementation to come

With this announcement came the news that this update doesn’t allow for complete integration of Microsoft Defender ATP for Macs quite yet. There are also some quirks that haven’t been ironed out for Mac users. In the “Known Issues” section of the online documentation, Microsoft has written “full Microsoft Defender ATP integration is not available yet.” And there is no date listed for when the entire program will be available for integration for Mac users.

Defense against malicious attacks

Microsoft Defender ATP is a very useful tool as it detects ongoing cyberattacks on corporate networks, blocks whatever it recognises as malicious, and then follows up to investigate and discover information about the attack and/or security breach, after which it provides response recommendations and cyberattack remediation.

How to add Microsoft Defender ATP

This defense service is a component within the highest-level Windows ten licenses, including those provided by a subscription service such as Windows 10 Enterprise E5 or Microsoft 365 E5. In fact, Microsoft claims that ATP is the differentiator between these high-level services and lower-tier bundles. You can also add ATP as an add-on service to Microsoft 365 E3 for an extra $12 per month.

If you want to add Macs to the Windows PCs already reporting and covered by Microsoft Defender ATP, users are required to license Microsoft 365 E5, Windows 10 Enterprise E5 or Windows 10 Education E5 (Microsoft 365 E5 includes Windows 10 Enterprise E5). Any Macs using Defender ATP are required to be running one of three of the newest edictions of macOS – 2018 Mojave, 2017 High Sierra, or 2016 Sierra. Once September’s release of 2019 Catalina, it’s likely that Microsoft will drop the oldest, 2016 Sierra, because Apple will no longer support that OS with regular security updates.

You can find instructions from Microsoft published on how to deploy Microsoft Defender ATP to Macs. On those instructions, users are warned that they will need “beginner-level experience in macOS and BASH scripting” as well as admin privileges to the device or devices in case there are issues and you need to use a fallback of manual deployment to install. Admins can deploy the security service to Macs using any of these platforms: Microsooft Intune, JAMF, or other MDM (mobile device management) platforms.

Instructions on how to configure Defender ATP for Mac are posted here.

Customers can register for a free trial of Defender ATP online.