Microsoft Defender for Endpoint (MDE) Installation and Onboarding (macOS)

Issue/Question

  • How do I install and onboard MDE on macOS?

Environment

  • Oregon State University
  • OSU owned machine
  • macOS version must be 10.14.6 (Mojave) or newer --> Mojave, Catalina, Big Sur, or Monterey

Notes

This process involves running a script in Terminal and will need an admin user.

MDE installation and onboarding files are available via https://oregonstate.box.com/s/8pflo4r2fldejzwrnivmug18brtljbtv (OSU Login Required)

Approximate time to plan for this: the first time might take up to 15 minutes, but full time to process - including downloads/installs - is closer to 5 minutes (assuming decent network connection).

Resolution

Install Microsoft Defender for Endpoint

  1. Install wdav.pkg from the Box link (follow all the prompts).
  2. You will need to open Security Preferences.
  3. You will need to open System Preferences > Security & Privacy. Select Details and choose both options listed.
  4. You will need to allow full disk access to Microsoft Defender ATP and Microsoft Defender ATP Endpoint Security Extension via System Preferences > Security & Privacy > Privacy
  5. Drag the ‘MicrosoftDefenderATPOnboardingMacOs.sh’ script from the Downloads folder to whatever location you want to run it from.
  6. Open Terminal.
  7. Run the onboarding script.
    1. You can run the script by hand with the full path (e.g. /Users/MyUser/Downloads/MicrosoftDefenderATPOnboardingMacOs.sh), by changing directory with CD first, or simply drag the onboarding script from Downloads directly on top of Terminal and press enter.
  8. Follow all prompts. After following the instructions the command line should look similar to this.
  9. You should see the MDE icon in the upper right of the menu bar now has a checkmark on it, instead of an X.

Once it’s set up, you can test how it’s working by running this in Terminal: mdatp connectivity test

33% helpful - 3 reviews

Details

Article ID: 133114
Created
Thu 7/8/21 4:08 PM
Modified
Wed 5/18/22 5:25 PM