Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.
Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls “general availability” on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest – “Threat & Vulnerability Management,” which made it to general availability a week ago – now serve Macs.
Not everything, though. “Full Microsoft Defender ATP integration is not available yet,” Microsoft said in the “Known issues” section of the still-sparse online documentation.
Microsoft Defender ATP detects ongoing attacks on corporate networks, blocks what it recognizes as malicious, then follows up to investigate the attack – or in the worst cases, the breach – and provides response recommendations and attack remediation.
The service is a component within the most expensive Windows 10 licenses, such as those provided by the subscription-based Windows 10 Enterprise E5 or Microsoft 365 E5. (The company touts ATP as the differentiator between those SKUs (stock-selling units) and the tier-lower bundles.) Microsoft also sells ATP as an add-on to Microsoft 365 E3 – one of those lower-tier subscriptions – for an extra $12 per user per month.
To add Macs to the Windows PCs already reporting to and covered by ATP, customers must license Microsoft 365 E5, Windows 10 Enterprise E5 or Windows 10 Education E5 (Microsoft 365 E5 includes Windows 10 Enterprise E5). The Macs must run one of the three newest editions of macOS (at this writing): 2018’s Mojave, 2017’s High Sierra, or 2016’s Sierra. At the September release of 2019’s Catalina, Microsoft will presumably drop the oldest, Sierra, since Apple will stop supporting that OS with security updates.
Microsoft has published instructions on deploying Microsoft Defender ATP to Macs. There, the company warned users that they would need “beginner-level experience in macOS and BASH scripting” as well as administrative privileges to the device(s) in case the fallback of manual deployment was necessary. Otherwise, admins can deploy the service to Macs using Microsoft Intune, JAMF or other MDM (mobile device management) platforms.
Details on configuring Defender ATP for Mac were posted elsewhere.
Customers can register for a free trial of Defender ATP online.