Installing Microsoft Defender for Mac in UT Austin JAMF

To use Microsoft Defender on Macs, it's critical to have a "Tagging" configuration profile as well as a "Scan Exclusions" profile.  If Defender is installed on a Mac without the Tagging profile in place, that Mac will not show up as belonging to your unit in the Defender console or the Splunk Defender dashboard.  Many Jamf sites have Macs with Defender installed but no Tagging profile in the site.  Those will need to be fixed by EPM in the Defender console.

Once you have the proper profiles in your site, as well as policies to install Microsoft Defender and remove Cisco AMP, you can install Defender on your Macs.

Installing Defender is a two-step process: first you cache the installer, so that the global Defender config profile is applied, then you install it from cache.


The profiles, policies, and smart groups needed are:

Profiles

SITE - Microsoft Defender - Tagging
SITE - Microsoft Defender - Scan Exclusions

Policies

SITE - Microsoft Defender - Cache Installer
SITE - Uninstall Cisco AMP or Secure Endpoint
SITE - Uninstall Cisco AMP and Install Microsoft Defender 

Smart Groups

SITE-macOS Mojave (10.14) and Older
SITE - Exceptions - Microsoft Defender


None of the policies run automatically, so Defender will not be installed yet unless you set one of the policies to run at check-in.

EPM can clone all of these into your site using a script. 


To Remove Cisco AMP and Install Microsoft Defender

Use this policy:


SITE - Uninstall Cisco AMP and Install Microsoft Defender

Change SITE to your site in Jamf, e.g.

AERE - Uninstall Cisco AMP and Install Microsoft Defender

If you want to run that on all Macs, set it to Recurring, and Run Once Per Computer.  


If you are using UT Provisioning for Mac initial setup, you can add the following to your "UT Provisioning - Required Configuration" or "UT Provisioning - Install Base Software" policy to get Defender installed on any new or reimaged Macs (be sure to change SITE to your site):

Downloading Microsoft Defender,SITE-cache-defender

Installing Microsoft Defender,SITE-install-defender


To Exclude Macs from Installing Microsoft Defender


The smart group SITE - Exceptions - Microsoft Defender can be used to exclude Macs from the install policies if you want to keep some Macs on AMP but don't want to change the scoping on the policies.  You can also set the extension attribute (EA) "Exception - Microsoft Defender" to Yes to exclude a Mac from Defender.