| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| admin | Assign Admin Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md | When you add new users, if you don't assign them an admin role then they are in Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2198030). -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfO] +> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfO] -1. When you sign up for Microsoft 365 Business, you automatically become a global admin. To help manage the business, you can make other people admins as well. +1. When you sign up for Microsoft 365 Business, you automatically become a global admin. To help manage the business, you can make other people admins as well. 1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>. 1. Choose the user you want to make an admin, and then select **Manage roles**. If you found this video helpful, check out the [complete training series for small businesses and those new to Microsoft 365](../../business-video/index.yml). -## Assign admin roles +## Assign admin roles You can assign users to a role in two different ways: |
| admin | Manage Feedback Product Insights | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-product-insights.md | We use NPS surveys and feedback from your end-users to provide you with insights - See end-user comments on the top products and issues. - Export feedback and survey information to a CSV file. +## Watch: NPS feedback and insights ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE5d6gj] + ## Before you begin You need to be an [administrator](../add-users/about-admin-roles.md) to view and read survey reports. Your organization needs to have feedback surveys turned on to view and read survey reports. Check out [Manage Microsoft feedback for your organization](manage-feedback-ms-org.md) to learn more. You need to be an [administrator](../add-users/about-admin-roles.md) to view and ### Top topic filters -We've identified the common themes from user feedback. Then we used machine learning models that train the data sets and automatically organize the feedback into **Top Topics**. You can then identify the top five topics with the most volume of verbatim feedback. +We've identified the common themes from user feedback. Then we used machine learning models that train the data sets and automatically organize the feedback into **Top Topics**. You can then identify the top five topics with the most volume of verbatim feedback. :::image type="content" source="../../media/top-topics-filter.png" alt-text="Screenshot: Top five topics with the most verbatim feedback" lightbox="../../media/top-topics-filter.png"::: |
| compliance | Communication Compliance Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-policies.md | To copy a policy and create a new policy, complete the following steps: 3. In the **Copy policy** pane, you can accept the default name for the policy in the **Policy name** field or rename the policy. The policy name for the new policy can't be the same as an existing active or deactivated policy. Complete the **Description** field as needed. 4. If you don't need further customization of the policy, select **Copy policy** to complete the process. If you need to update the configuration of the new policy, select **Customize policy**. This starts the policy wizard to help you update and customize the new policy. +## Mark a policy as a favorite ++After you've created a communication compliance policy, you can mark the policy as a favorite. Once a policy has been identified as a favorite, you can filter favorite policies to appear at the top of the policies list. By marking a policy as a favorite, you can also easily sort policies by favorites. ++To mark a policy as a favorite, you have the following options: ++- **Mark as favorite**: Enables you to mark selected policies as favorites, so you can easily find the policies that you're most interested in rather than having to search for them. +- **Sort favorites**: Sorts the policies by favorites, so your favorite policies appear at the top of the list. +- **Customize columns**: Choose to list the favorites that you want to see. You can also choose to sort favorite policies in ascending or descending order. ++To sort policies by groups: ++- **All policies**: This is the default view, displaying all the policies in the list. +- **Only favorites**: Groups policies by favorites at the top of the list. ++ + ## Policy activity detection Communications are scanned every hour from the time policies are created. For example, if you create an inappropriate content policy at 11:00 AM, the policy will gather communication compliance signals every hour starting from when the policy was created. Editing a policy doesn't change this time. To view the last scan date and Coordinated Universal Time (UTC) for a policy, navigate to the *Last policy scan* column on the **Policy** page. After creating a new policy, it may take up to an hour to view the first policy scan date and time. |
| compliance | Communication Compliance | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md | Identifying and resolving compliance issues with communication compliance uses t In this workflow step, you identify your compliance requirements and configure applicable communication compliance policies. Policy templates are a great way to not only quickly configure a new compliance policy, but to also quickly modify and update policies as your requirements change. For example, you may want to quickly test a policy for potentially inappropriate content on communications for a small group of users before configuring a policy for all users in your organization. ->[!IMPORTANT] +>[!IMPORTANT] >By default Global Administrators do not have access to communication compliance features. To enable permissions for communication compliance features, see [Make communication compliance available in your organization](/microsoft-365/compliance/communication-compliance-configure#step-1-required-enable-permissions-for-communication-compliance). You can choose from the following policy templates in the Microsoft Purview compliance portal: |
| compliance | Sit Get Started Exact Data Match Hash Upload | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-hash-upload.md | If the tool indicates a mismatch in number of columns it might be due to the pre ### Prerequisites - a work or school account for Microsoft 365 that will be added to the **EDM\_DataUploaders** security group-- a Windows 10 or Windows Server 2016 machine with .NET version 4.6.2 <!--4.7.2 un comment this around 9/29-->for running the EDMUploadAgent+- a Windows 10, Windows Server 2016 with .NET version 4.6.2, or a Windows Server 2019 machine<!--4.7.2 un comment this around 9/29--> for running the EDMUploadAgent - a directory on your upload machine for the: - [EDM Upload Agent](#links-to-edm-upload-agent-by-subscription-type) - your sensitive item file in .csv, .tsv or pipe (|) format, **PatientRecords.csv** in our examples |
| enterprise | M365 Dr Workload Other | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-other.md | Please refer to [Dynamics 365 availability and data locations | Microsoft Learn] ### Stream You can find this information from the "?" option in the Stream UI, if you have it running and then click on "About Microsoft Stream" and see where your data is stored. If needed, create a trial tenant. +## Viva Goals ++### Summary ++Service documentation: [Introduction to Microsoft Viva Goals ](/viva/goals/intro-to-ms-viva-goals) ++Capability summary: Microsoft Viva Goals is a goal-alignment solution that connects teams to your organizationΓÇÖs strategic priorities, unites them around your mission and purpose, and drives business results. Viva Goals enables individuals and companies to organize and track their goals through ΓÇ£Objectives and Key ResultsΓÇ¥ (OKRs). Viva Goals immerses everyone in the companyΓÇÖs purpose and top priorities and creates a culture of engaged employees focused on achieving common goals. ++### Data Residency Available ++Starting December 5, 2022, Viva Goals [Customer Data](/privacy/eudb/eu-data-boundary-learn) for new tenants in the [European Union Data Boundary (EUDB)](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations) will be stored in data centers located in the EU. All other tenants will have their Viva Goals Customer Data stored in data centers located in the United States. Tenants aren't provided with a choice for the specific deployment region for data storage. ++To be considered a tenant in the EUDB: + +1. The tenant must have a *default geography* in a EUDB country or select a country in EUDB country as their residence during free trial sign-up; and +1. The tenant must not purchase a Multi-Geo offering ++### Migration ++Customers who signed up for Viva Goals prior to December 5, 2022, currently have their data stored in the US data centers. We'll migrate the data for these customers to data centers located in the EU over the coming months. Customers won't have to do anything to facilitate this move. + ### Viva Insights ΓÇô Advanced, Mgr, Leader Please see the [Static data location information for select workloads](#static-data-location-information-for-select-workloads) section. The data region for Manager/Leader and Advanced is determined by the _Default Geography_ of the _tenant_, not individual users. |
| enterprise | O365 Data Locations | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/o365-data-locations.md | Title: "Microsoft 365 data locations" Previously updated : + audience: ITPro See the following links to understand workload data location. - Forms [Data Location](m365-dr-workload-other.md#forms) - Intune [Data Location](m365-dr-workload-other.md#intune) - Planner [Data Location](m365-dr-workload-other.md#planner)+- Viva Goals [Data Location](m365-dr-workload-other.md#viva-goals) - Viva Insights ΓÇô Advanced, Mgr, Leader [Data Location](m365-dr-workload-other.md#viva-insights--advanced-mgr-leader) - Viva Insights ΓÇô Personal [Data Location](m365-dr-workload-other.md#viva-insights--personal) - Viva Learning [Data Location](m365-dr-workload-other.md#viva-learning) |
| lighthouse | M365 Lighthouse Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md | We're continuously adding new features to [Microsoft 365 Lighthouse](m365-lighth > [!NOTE] > Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon. +## January 2023 ++### Automation of Intune device enrollment through the default baseline ++The default baseline now provides a mobile device management (MDM) and mobile application management (MAM) deployment sub-task to automate the enrollment of Windows devices in Intune. Previously, this was a manual task that provided instructions only. ++For any tenant, go to the **Deployment plan** page, expand the **Set up device enrollment** task, select the **Configure device enrollment** sub-task to open the task details pane, and then select **Deploy**.ΓÇ» ++### User search improvements ++The **Account management** > **Search users** page now shows search results as soon as a matching user is found within any tenant. The prior version of the page showed search results only after searching across all tenants. + ## November 2022 ### Changes to Microsoft Defender Firewall and Microsoft Defender Antivirus deployment tasks |
| security | Device Control Removable Storage Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection.md | To manage external storage, use removable storage access control instead of [dev - Applied at the device level: the same policy applies for any logged on user. - For macOS specific information, see [Device control for macOS](mac-device-control-overview.md). -**Supported platform** - macOS Catalina 10.15.4+ (with system extensions enabled) +**Supported platform** - macOS 11 (Big Sur) or later ### Device installation To manage external storage, use removable storage access control instead of [dev - Applied at the device level: the same policy applies for any logged on user - For macOS specific information, see [Device control for macOS](mac-device-control-overview.md). -**Supported platform** - macOS Catalina 10.15.4+ (with system extensions enabled) or later +**Supported platform** - macOS 11 (Big Sur) or later ### Endpoint DLP Removable storage |
| security | Device Health Microsoft Defender Antivirus Health | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health.md | The Device Health report provides information about the devices in your organiza > For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution). In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**. The [**Microsoft Defender Antivirus health** tab](#microsoft-defender-antivirus-health-tab) has eight cards that report on the following aspects of Microsoft Defender Antivirus:+ - [Antivirus mode card](#antivirus-mode-card) - [Antivirus engine version card](#antivirus-engine-version-card) - [Antivirus security intelligence version card](#antivirus-security-intelligence-version-card) To Assign these permissions: For more information about user role management, see [Create and manage roles for role-based access control](user-roles.md). -## Microsoft Defender Antivirus health tab +## Microsoft Defender Antivirus health tab + The Microsoft Defender Antivirus health tab contains eight cards that report on several aspects of Microsoft Defender Antivirus in your organization: Two cards, [Antivirus mode card](#antivirus-mode-card) and [Recent antivirus scan results card](#recent-antivirus-scan-results-card), report about Microsoft Defender Antivirus functions. There are two different export csv functionalities through the portal: - **Top level export**. You can use the top-level **Export** button to gather an all-up Microsoft Defender Antivirus health report (500-K limit). - ::image type="content" source="images/device-health-defender-antivirus-health-tab-export.png" alt-text="Shows the top-level export report button" lightbox="images/device-health-defender-antivirus-health-tab-export.png"::: - **Flyout level export**. You can use the **Export** button within the flyouts to export a report to an Excel spreadsheet (100-K limit). For information on exporting using API, see the following articles: > [!IMPORTANT] >-> Currently, only the **Antivirus Health JSON Response** is generally available. **Antivirus Health API via files** is only available in public preview. +> Currently, only the [Antivirus Health JSON Response](device-health-api-methods-properties.md#13-export-device-antivirus-health-details-api-properties-json-response) is generally available. [Antivirus Health API via files](device-health-api-methods-properties.md#14-export-device-antivirus-health-details-api-properties-via-files) is only available in public preview. >-> **Advanced Hunting custom query** is currently only available in public preview, even if the queries are still visible. +> [Advanced Hunting custom query](run-advanced-query-api.md) is currently only available in public preview, even if the queries are visible. ### Microsoft Defender Antivirus version and update cards functionality |
| security | Mac Install Jamfpro Login | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-jamfpro-login.md | Title: Log in to Jamf Pro description: Log in to Jamf Pro -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Install Manually | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-manually.md | Title: Manual deployment for Microsoft Defender for Endpoint on macOS description: Install Microsoft Defender for Endpoint on macOS manually, from the command line. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library To complete this process, you must have admin privileges on the device. ## How to Allow Full Disk Access -> [!CAUTION] -> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device. - 1. To grant consent, open **System Preferences** \> **Security & Privacy** \> **Privacy** \> **Full Disk Access**. Click the lock icon to make changes (bottom of the dialog box). Select Microsoft Defender for Endpoint. 2. Run an AV detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device: |
| security | Mac Install With Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md | Title: Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager -description: Install Microsoft Defender for Endpoint on Mac, using Microsoft Endpoint Manager. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, big sur, monterey, ventura, mde for mac + Title: Intune-based deployment for Microsoft Defender for Endpoint on Mac +description: Install Microsoft Defender for Endpoint on Mac, using Microsoft Intune. +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library The following table summarizes the steps you would need to take to deploy and ma |||| |[Download the onboarding package](#download-the-onboarding-package)|WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml|com.microsoft.wdav.atp| |[Approve System Extension for Microsoft Defender for Endpoint](#approve-system-extensions)|MDATP_SysExt.xml|N/A|-|[Approve Kernel Extension for Microsoft Defender for Endpoint](#download-the-onboarding-package)|MDATP_KExt.xml|N/A| -|[Grant full disk access to Microsoft Defender for Endpoint](#full-disk-access)|MDATP_tcc_Catalina_or_newer.xml|com.microsoft.wdav.tcc| |[Network Extension policy](#network-filter)|MDATP_NetExt.xml|N/A| |[Configure Microsoft AutoUpdate (MAU)](mac-updates.md#intune)|MDATP_Microsoft_AutoUpdate.xml|com.microsoft.autoupdate2| |[Microsoft Defender for Endpoint configuration settings](mac-preferences.md#intune-full-profile) <p> **Note:** If you're planning to run a third-party AV for macOS, set `passiveMode` to `true`.|MDATP_WDAV_and_exclusion_settings_Preferences.xml|com.microsoft.wdav| This profile contains a license information for Microsoft Defender for Endpoint. ### Approve System Extensions -This profile is needed for macOS 10.15 (Catalina) or newer. It will be ignored on older macOS. +This profile is needed for macOS 11 (Big Sur) or later. It will be ignored on older macOS. 1. Select **Create Profile** under **Configuration Profiles**. 1. Select **Platform**=**macOS**, **Profile type**=**Templates**. **Template name**=**Extensions**. Click **Create**. This profile is needed for macOS 10.15 (Catalina) or newer. It will be ignored o 1. In the **Assignments** tab, assign this profile to **All Users & All devices**. 1. Review and create this configuration profile. -### Kernel Extensions -This profile is needed for macOS 10.15 (Catalina) or older. It will be ignored on newer macOS. +### Full Disk Access -> [!CAUTION] -> Apple Silicon (M1) devices do not support KEXT. Installation of a configuration profile consisting KEXT policies will fail on these devices. --1. Select **Create Profile** under **Configuration Profiles**. -1. Select **Platform**=**macOS**, **Profile type**=**Templates**. **Template name**=**Extensions**. Click **Create**. -1. In the **Basics** tab, give a name to this new profile. -1. In the **Configuration settings** tab, expand **Kernel Extensions**. -1. Set **Team identifier** to **UBF8T346G9** and click **Next**. -- > [!div class="mx-imgBorder"] - > :::image type="content" source="images/mac-kernel-extension-intune2.png" alt-text="Allowed team identifiers for Kernel extensions." lightbox="images/mac-kernel-extension-intune2.png"::: --1. In the **Assignments** tab, assign this profile to **All Users & All devices**. -1. Review and create this configuration profile. --### Full Disk Access -- > [!CAUTION] - > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device. - > - > This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Microsoft Endpoint Manager, we recommend you update the deployment with this configuration profile. +> [!NOTE] +> Enabling **TCC** (Transparency, Consent & Control) through an Mobile Device Management solution such as [Intune](mac-install-with-intune.md), will eliminate the risk of Defender for Endpoint losing **Full Disk Access** Authorization to function properly. +>This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile. Download [**fulldisk.mobileconfig**](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/fulldisk.mobileconfig) from [our GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles). You don't need any special provisioning for a Mac device beyond a standard [Comp > [!div class="mx-imgBorder"] > :::image type="content" source="images/mdatp-icon-bar.png" alt-text="The icon for Microsoft Defender for Endpoint in the status bar" lightbox="images/mdatp-icon-bar.png"::: +<br> +</br> + ## Troubleshooting Issue: No license found. |
| security | Mac Install With Jamf | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-jamf.md | Title: Deploying Microsoft Defender for Endpoint on macOS with Jamf Pro description: Deploying Microsoft Defender for Endpoint on macOS with Jamf Pro -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library search.appverid: met150 Learn how to deploy Microsoft Defender for Endpoint on macOS with Jamf Pro. -> [!NOTE] -> If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](/microsoft-365/security/defender-endpoint/mac-sysext-policies). This is a multi-step process. You'll need to complete all of the following steps: |
| security | Mac Install With Other Mdm | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm.md | Title: Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint on Mac description: Install Microsoft Defender for Endpoint on Mac on other management solutions. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, macos, catalina, big sur, monterey, ventura, mde or mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, macos, big sur, monterey, ventura, mde or mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Jamfpro Device Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups.md | Title: Set up device groups in Jamf Pro description: Learn how to set up device groups in Jamf Pro for Microsoft Defender for Endpoint on macOS -keywords: device, group, microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: device, group, microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Jamfpro Enroll Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices.md | Title: Enroll Microsoft Defender for Endpoint on macOS devices into Jamf Pro description: Enroll Microsoft Defender for Endpoint on macOS devices into Jamf Pro -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Jamfpro Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-policies.md | Title: Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro description: Learn how to set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro -keywords: policies, microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: policies, microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamfpro, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library All you need to do to have updates is to download an updated schema, edit existi ## Step 4: Configure notifications settings -These steps are applicable of macOS 10.15 (Catalina) or newer. +These steps are applicable on macOS 11 (Big Sur) or later. 1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**. These steps are applicable of macOS 10.15 (Catalina) or newer. - Tab **General**: - **Name**: MDATP MDAV Notification settings- - **Description**: macOS 10.15 (Catalina) or newer + - **Description**: macOS 11 (Big Sur) or later - **Category**: None *(default)* - **Distribution Method**: Install Automatically *(default)* - **Level**: Computer Level *(default)* These steps are applicable of macOS 10.15 (Catalina) or newer. **General** - Name: MDATP MDAV - grant Full Disk Access to EDR and AV- - Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control + - Description: On macOS 11 (Big Sur) or later, the new Privacy Preferences Policy Control - Category: None - Distribution method: Install Automatically - Level: Computer level Alternatively, you can download [kext.mobileconfig](https://github.com/microsoft As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft 365 Defender portal. The following policy allows the network extension to perform this functionality. -These steps are applicable of macOS 10.15 (Catalina) or newer. +These steps are applicable on macOS 11 (Big Sur) or later. + 1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**. These steps are applicable of macOS 10.15 (Catalina) or newer. - Tab **General**: - **Name**: Microsoft Defender Network Extension- - **Description**: macOS 10.15 (Catalina) or newer + - **Description**: macOS 11 (Big Sur) or later - **Category**: None *(default)* - **Distribution Method**: Install Automatically *(default)* - **Level**: Computer Level *(default)* |
| security | Mac Preferences | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-preferences.md | Title: Set preferences for Microsoft Defender for Endpoint on Mac description: Configure Microsoft Defender for Endpoint on Mac in enterprise organizations. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, management, preferences, enterprise, intune, jamf, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, management, preferences, enterprise, intune, jamf, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Privacy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-privacy.md | Title: Privacy for Microsoft Defender for Endpoint on Mac description: Privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, privacy, diagnostic, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, privacy, diagnostic, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Pua | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-pua.md | Title: Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Mac description: Detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender for Endpoint on macOS. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, pua, pus, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, pua, pus, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Resources | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-resources.md | Title: Resources for Microsoft Defender for Endpoint on Mac description: Resources for Microsoft Defender for Endpoint on Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Schedule Scan | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-schedule-scan.md | Title: How to schedule scans with Microsoft Defender for Endpoint on macOS description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint in macOS to better protect your organization's assets. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, scans, antivirus, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, scans, antivirus, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Support Install | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-install.md | Title: Troubleshoot installation issues for Microsoft Defender for Endpoint on Mac description: Troubleshoot installation issues in Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, install, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, install, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Support License | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-license.md | Title: Troubleshoot license issues for Microsoft Defender for Endpoint on Mac description: Troubleshoot license issues in Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, performance, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, performance, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Support Perf | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-perf.md |  Title: Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS description: Troubleshoot performance issues in Microsoft Defender for Endpoint on macOS. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, performance, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, performance, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Sysext Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-sysext-policies.md | Title: New configuration profiles for macOS Catalina and newer versions of macOS -description: This topic describes the changes that are must be made in order to benefit from the system extensions, which are a replacement for kernel extensions on macOS Catalina and newer versions of macOS. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, kernel, system, extensions, catalina, big sur, monterey, ventura, mde for mac + Title: New configuration profiles for macOS Big Sur and newer versions of macOS +description: This topic describes the changes that are must be made in order to benefit from the system extensions, which are a replacement for kernel extensions on macOS Big Sur and newer versions of macOS. +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, kernel, system, extensions, big sur, monterey, ventura, mde for mac search.product: eADQiWindows 10XVcnh search.appverid: met150 -# New configuration profiles for macOS Catalina and newer versions of macOS +# New configuration profiles for macOS Big Sur and newer versions of macOS [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] |
| security | Mac Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-updates.md | Title: Deploy updates for Microsoft Defender for Endpoint on Mac description: Control updates for Microsoft Defender for Endpoint on Mac in enterprise environments. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, updates, deploy, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, updates, deploy, big sur, monterey, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |
| security | Mac Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md | Title: What's new in Microsoft Defender for Endpoint on Mac description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, macos, whatsnew, catalina, big sur, monterey, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, macos, whatsnew, big sur, monterey, ventura, mde for mac ms.mktglfcycl: security ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium Previously updated : 01/11/2023 Last updated : 01/17/2023 audience: ITPro search.appverid: met150 For more information on Microsoft Defender for Endpoint on other operating systems: - [What's new in Microsoft Defender for Endpoint on Linux](linux-whatsnew.md)-- [What's new in Microsoft Defender for Endpoint on iOS](ios-whatsnew.md)</br>+- [What's new in Microsoft Defender for Endpoint on iOS](ios-whatsnew.md) +++**Mac devices to soon receive built-in protection** ++Tamper protection will extend to macOS devices and will be turned on in block mode by default to help secure your Mac against threats. To learn more, see [Protect macOS security settings with tamper protection](built-in-protection.md). **Known issues** Microsoft Defender for Endpoint no longer supports macOS Catalina (10.15) as App **What's new** -- Fix for a system freeze occurring on shutdown on macOS Mojave and macOS Catalina.+- Fix for a system freeze occurring on shutdown on macOS Mojave and macOS Catalina. <br/> </details> Microsoft Defender for Endpoint no longer supports macOS Catalina (10.15) as App **What's new** -- Fix to accommodate for Apple certificate expiration for macOS Catalina and earlier. This fix restores Microsoft Defender Vulnerability Management (MDVM) functionality.+- Fix to accommodate for Apple certificate expiration for macOS Catalina and earlier. This fix restores Microsoft Defender Vulnerability Management (MDVM) functionality. <br/> </details> |
| security | Microsoft Defender Endpoint Mac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac.md | Title: Microsoft Defender for Endpoint on Mac description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, monterey, big sur, catalina, ventura, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, monterey, big sur, ventura, mde for mac ms.mktglfcycl: deploy ms.sitesec: library There are several methods and deployment tools that you can use to install and c The three most recent major releases of macOS are supported. > [!IMPORTANT]-> On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). +> On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md). - 13 (Ventura), 12 (Monterey), 11 (Big Sur) - Disk space: 1GB Guidance for how to configure the product in enterprise environments is availabl ## macOS kernel and system extensions -Starting with macOS 11 (Big Sur), Microsoft Defender for Endpoint has been fully migrated from kernel extension to system extensions. Kernel extension is still being used on macOS 10.15 (Catalina). +Starting with macOS 11 (Big Sur), Microsoft Defender for Endpoint has been fully migrated from kernel extension to system extensions. ## Resources |
| security | Troubleshoot Cloud Connect Mdemac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-cloud-connect-mdemac.md | Title: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS description: This topic describes how to troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, monterey, ventura, bigsur, mde for mac +keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, deploy, uninstallation, intune, jamf, macos, monterey, ventura, bigsur, mde for mac ms.mktglfcycl: deploy ms.sitesec: library |