Microsoft Defender ATP for Mac currently includes preventive antivirus capabilities and reporting via Microsoft Defender Security Center. With the new EDR capabilities, Microsoft Defender ATP customers will have the ability to detect advanced attacks that involve macOS devices, utilize rich investigation experiences, and quickly remediate threats.

2020-3-20: Settings for Microsoft Defender ATP for Mac in Microsoft Intune. View the Antivirus profile settings you can configure for Microsoft Defender ATP for Mac in Microsoft Intune. For more information about these settings, see Microsoft Defender Advanced Threat Protection for Mac in the Windows documentation.

2020-3-31: Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of.

The security platform for intelligent protection, detection, investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. Security and data privacy are our priority.

Microsoft today shared a bunch of security news ahead of RSAC 2020 that kicks off next week in San Francisco. The biggest announcement is arguably the general availability of Microsoft Threat Protection, which uses AI to offer a correlated view of threats and automation to address them. Other tidbits worth touching on include news from Microsoft Defender ATP (Android and iOS support is coming), Insider Risk Management, and Azure Sentinel.

Microsoft released a public preview of Microsoft Threat Protection in December. At the time, the company described “an integrated solution” built on Microsoft Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration tools, Azure ATP for identity-based threats, and Microsoft Cloud App Security (MCAS) for SaaS applications. In short, Microsoft Threat Protection shares threat insights between these products to help stop the progression of an attack. Until now, these products talked to each other “but not automatically and at scale,” Ann Johnson, corporate vice president at Microsoft, told VentureBeat. The communication lines were already open, but by announcing general availability today, the company is signaling its confidence in “being able to detect the threats, block the threats, and then pass that information along in milliseconds.”

Earlier this year, Microsoft shared that the custom algorithms and machine learning models built into Microsoft Security solutions are trained on 8 trillion daily threat signals. Microsoft Threat Protection uses this AI to help security teams prioritize and act on all the various alerts across their organizations. It proactively hunts for threats across users, email, applications, and endpoints (Windows, macOS, and Linux). The solution investigates threats, responds to them, and automatically restores affected assets to a secured state without any human intervention.

Microsoft Defender ATP for Linux, Android, and iOS

“Microsoft Threat Protection truly is a cloud-based solution that uses a lot of artificial intelligence and machine learning at the endpoint to understand and recognize threats, to be able to detect them, to block them in real time, to block them at global scale, and to communicate across the platforms,” Johnson said. “So if the Windows endpoint sees a threat, it will tell Office. If the Office endpoint sees a threat, it’s going to notify Azure Storage or Azure Server or notify Windows. And now that we’re going to have that cross-platform support, we’ll have that capability also with an extended reach.”

Back in March, Microsoft rebranded Windows Defender as Microsoft Defender to signal it was extending its endpoint protection platform to additional operating systems. The company launched Microsoft Defender Advanced Threat Protection (ATP) for Mac in limited preview then and followed up with a private preview in December.

Microsoft Defender ATP for Windows and macOS offers preventative protection, post-breach detection, and automated investigation and response. Today, the company announced the public preview of preventative protection capabilities for Linux servers. It supports the following Linux server versions: RHEL 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle EL 7.

Even more notably, Microsoft today announced plans to bring Microsoft Defender ATP to mobile platforms this year. That means Android and iOS devices will get antivirus protection and a full command line experience. In the Microsoft Defender Security Center, you’ll be able to see basic alerts and machine information. You can’t offer enterprise security without offering protection on mobile as well.


Insider Threat Protection

Microsoft today also announced the general availability of Insider Risk Management. As the number of mobile devices grows, so does the amount of corporate data that can be easily transported and accessed anywhere. Insider Risk Management aims to help IT departments identify, remediate, and prevent insider risks. Plus, it doesn’t require deploying agents or configuring data ingestion.

First available as a preview in November, Insider Risk Management extends the same Microsoft Information Protection tech that already classifies and protects more than 50 billion documents for Microsoft customers. The service leverages AI and machine learning to identify anomalies in user behavior and flag high-risk activities. Specifically, the ML algorithms consider variables like file activity, communications sentiment, and abnormal user behaviors. Microsoft promises that the tool identifies patterns and risks in a privacy-preserving fashion (names are anonymized). The offering also includes an IP Theft template and previews of Harassment, Confidentiality, and Security templates.

“Really driven by a lot of customer demand, but also driven by our own internal organization, was the need to do something around insider risk management and actually throw machine learning again at this problem,” Johnson told VentureBeat. “What our customers tell us today, and the research tells us, [is] that over 50% of breaches have some type of insider element.”

Azure Sentinel

When announcing Azure Sentinel, which hit general availability in September, Microsoft called it the first native Security Information and Event Management (SIEM) tool built by a major cloud provider. The cloud-based SIEM uses AI to “reduce the noise” and deliver intelligent security analytics across the enterprise. Azure Sentinel can turn “huge volumes of low fidelity signals” into “a few important incidents for security professionals to focus on.”


In that vein, Microsoft today shared that Azure Sentinel evaluated nearly 50 billion suspicious signals within the company in December 2019 to emit 25 high-confidence incidents for investigation. Of course, 50 billion signals would be impossible for employees to manually analyze in a month, even for a company of Microsoft’s size.

On February 24, Azure Sentinel is getting the following enhancements:

  • New built-in connectors: Data connectors and workbooks from partners like Forcepoint, Zimperium, Quest, CyberArk, and Squadra. The new connector for Azure Security Center for IoT makes Azure Sentinel the first SIEM with native IoT support.
  • New resources: Developer docs, guides, samples, validation criteria, and updated GitHub Wiki.
  • Import AWS CloudTrail logs for no additional cost until June 30: Azure Sentinel provides security insights across the entire enterprise, not just on Microsoft workloads.

That last point is one that Microsoft really wants to drive home. You can already ingest Microsoft Azure activity logs, Office 365 audit logs, and Microsoft 365 security alerts for free with Azure Sentinel. But Amazon Web Services is bigger than Microsoft Azure, so this promotion is meant to woo those customers.


“We also want to make certain that our customers know that even though the solution is called Microsoft Azure Sentinel, it is actually a solution that was fully built and contemplated to be like any other SIEM in the market — being cross-cloud and being able to work in any environment in a very heterogeneous way,” Johnson said. “We really want our customers to be able to test that heterogeneous environment for themselves in a very low-risk manner.”


This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.

Note

Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in Passive mode.

What's new in the latest release

Tip

If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback.

To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac machines), configure your macOS machine running Microsoft Defender ATP to be an 'Insider' machine. See Enable Microsoft Defender ATP Insider Machine.

How to install Microsoft Defender ATP for Mac

Prerequisites

  • A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
  • Beginner-level experience in macOS and BASH scripting
  • Administrative privileges on the device (in case of manual deployment)

Installation instructions

There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.


  • Third-party management tools:

  • Command-line tool:

System requirements

The three most recent major releases of macOS are supported.

  • 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
  • Disk space: 650 MB

Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.

After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.

Network connections

The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

Service location: Common URLs for all locations
DNS records:
  • x.cp.wd.microsoft.com
  • cdn.x.cp.wd.microsoft.com
  • eu-cdn.x.cp.wd.microsoft.com
  • wu-cdn.x.cp.wd.microsoft.com
  • *.blob.core.windows.net
  • officecdn-microsoft-com.akamaized.net
  • crl.microsoft.com
  • events.data.microsoft.com

Service location: European Union
DNS records:
  • europe.x.cp.wd.microsoft.com
  • eu-v20.events.data.microsoft.com

Service location: United Kingdom
DNS records:
  • unitedkingdom.x.cp.wd.microsoft.com
  • uk-v20.events.data.microsoft.com

Service location: United States
DNS records:
  • unitedstates.x.cp.wd.microsoft.com
  • us-v20.events.data.microsoft.com

Microsoft Defender ATP can discover a proxy server by using the following discovery methods:

  • Web Proxy Auto-discovery Protocol (WPAD)
  • Manual static proxy configuration

If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted to the previously listed URLs.

To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.


If you prefer the command line, you can also check the connection by running the following command in Terminal:

The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report


OK https://cdn.x.cp.wd.microsoft.com/ping
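The two checks above only tell you whether the machine you are sitting at can reach the test URLs; they do not tell you whether the allow rules you wrote actually cover every DNS record in the table. The script below is an added example, not Microsoft's connectivity command (which this copy of the page omits) and not part of the product. It takes the common records plus the United States rows from the table, matches them against a constructed allow-list using shell-pattern semantics, and reports which records are still uncovered. The allow rules, the representative host example.blob.core.windows.net standing in for the *.blob.core.windows.net wildcard, and the MDATP_LIVE switch are all assumptions made for the example; the optional live probe reuses the "OK <url>" output shape shown above.

```shell
#!/bin/sh
# Added example: verify that an outbound allow-list covers the Defender ATP
# for Mac endpoints from the table above (US tenant), then optionally probe
# the documented test URLs. This is NOT Microsoft's own connectivity command.
set -f   # disable pathname expansion so the wildcard rules stay literal

# DNS records from the table above: the common set plus the United States
# rows. example.blob.core.windows.net is a constructed representative host,
# since the table only gives the *.blob.core.windows.net wildcard.
REQUIRED_HOSTS="
x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
example.blob.core.windows.net
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com
unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
"

# Constructed allow-list, written the way an administrator might have done
# it. It is deliberately incomplete: the exact rule for
# events.data.microsoft.com does not cover the regional
# us-v20.events.data.microsoft.com record, which the checker should flag.
ALLOW_RULES="
*.cp.wd.microsoft.com
*.blob.core.windows.net
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com
"

# host_allowed HOST: prints "allowed" if any rule matches HOST, else "blocked".
# Rules are shell patterns, so "*.example.com" covers subdomains of any depth
# but never the bare apex "example.com".
host_allowed() {
    for rule in $ALLOW_RULES; do
        case "$1" in
            $rule) echo allowed; return 0 ;;
        esac
    done
    echo blocked
    return 1
}

# missing_hosts: prints each required record the allow-list fails to cover,
# one per line; prints nothing when the list is complete.
missing_hosts() {
    for h in $REQUIRED_HOSTS; do
        [ "$(host_allowed "$h")" = allowed ] || echo "$h"
    done
}

# live_check URL: reports in the same "OK <url>" shape the page shows above.
# Only reached when MDATP_LIVE=1, so the script runs offline by default.
live_check() {
    if curl -fsS --max-time 10 -o /dev/null "$1"; then
        echo "OK $1"
    else
        echo "FAIL $1"
    fi
}

echo "Required records not covered by the allow-list:"
missing_hosts

if [ "${MDATP_LIVE:-0}" = 1 ]; then
    live_check https://x.cp.wd.microsoft.com/api/report
    live_check https://cdn.x.cp.wd.microsoft.com/ping
fi
```

Run it with `sh check-mdatp-egress.sh`; on a Mac with network access, `MDATP_LIVE=1 sh check-mdatp-egress.sh` additionally probes the two test URLs. Replace ALLOW_RULES with the rules from your own firewall or proxy, and for an EU or UK tenant swap the regional rows. The wildcard semantics here are plain shell globbing; a given firewall product may interpret `*.` differently (for example, one label only), so confirm the match behaviour in that product's terms before relying on a single wildcard rule.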

Note

We recommend that you keep System Integrity Protection (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:


How to update Microsoft Defender ATP for Mac

Microsoft regularly publishes software updates to improve performance and security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender ATP for Mac.

How to configure Microsoft Defender ATP for Mac


Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Mac.

macOS kernel and system extensions

In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit What's new in Microsoft Defender Advanced Threat Protection for Mac for relevant details.

Resources

  • For more information about logging, uninstalling, or other topics, see the Resources page.