Sample Exchange

 View Only

Microsoft Defender ATP 

Feb 19, 2020 04:34 PM

Microsoft Defender ATP

Deploying MS Defender ATP macOS with vmWare WorkspaceOne UEM

Overview

Purpose

If you want to distribute Microsoft Defender ATP for macOS via WorkspaceOne in an enterprise environment you need 2 plist at the end which you distribute via the custom settings in WS1 and which are located in the /Libray/Managed Preferences/. On the one hand you need the onboarding info, which contains the license for Defender ATP, on the other hand you need the configuration settings. In addition you have to define the system extension policy, kernel extension policy and the privacy preferences.

For the managed configuration settings you need the com.microsoft.wdav.plist Sanitized plist/custom setting in xml:

<dict>
<key>PayloadType</key>
<string>com.microsoft.wdav</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav.D71143E9-8F41-47EE-8CD2-69495E82C6AC</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadUUID</key>
<string>D71143E9-8F41-47EE-8CD2-69495E82C6AC</string>
<key>PayloadDisplayName</key>
<string>WDATP configuration settings</string>
<key>AllowUserOverrides</key>
<false/>
<key>SendAllTelemetryEnabled</key>
<false/>
<key>antivirusEngine</key>
<dict>
<key>enableRealTimeProtection</key>
<true/>
<key>passiveMode</key>
<false/>
<key>exclusionsMergePolicy</key>
<string>admin_only</string>
</dict>
<key>cloudService</key>
<dict>
<key>enabled</key>
<true/>
<key>automaticSampleSubmission</key>
<false/>
<key>diagnosticLevel</key>
<string>required</string>
</dict>
<key>allowedThreats</key>
<dict>
<key>disallowedThreatActions</key>
<string>allow</string>
</dict>
<key>OrgId</key>
<string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
</dict>

For the onboarding info and licence you need the com.microsoft.wdav.atp.plist Sanitized plist/custom setting in xml:

<dict>
<key>PayloadType</key>
<string>com.microsoft.wdav.atp</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.microsoft.wdav.atp.D71143E9-8F41-47EE-8CD2-69495E82C6AC</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadUUID</key>
<string>D71143E9-8F41-47EE-8CD2-69495E82C6AC</string>
<key>PayloadDisplayName</key>
<string>WDATP Onboarding</string>
<key>AllowUserOverrides</key>
<false/>
<key>SendAllTelemetryEnabled</key>
<false/>
<key>OrgId</key>
<string>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</string>
<key>OnboardingInfo</key>
<string>settings from your Defender ATP Admin center</string>
</dict>

Finally you can build a new profile for system extension policy, kernel extension policy and privacy preferences or you can include in one of your previous profile.


#VMwareWorkspaceONEUEM
#macOS
#BSD3-Clause
#XML

Statistics
0 Favorited
1 Views
1 Files
0 Shares
0 Downloads
Attachment(s)
zip file
euc-samples-master.zip   123.74 MB   1 version
Uploaded - Apr 09, 2024

Tags and Keywords

Related Entries and Links

No Related Resource entered.