A set of importable Intune policies that simplify onboarding/offboarding macOS devices to/from Defender for Business/Endpoint.

vladjoh/EasyDefenderMacOS

EasyDefenderMacOS

EasyDefenderMacOS is a set of importable Intune policies that simplify onboarding/offboarding macOS devices to/from Defender for Business/Endpoint.

Device types supported

  • Works with both personally-owned devices (work profile) and corporate-owned devices

🚀 Setup Guide

  1. Verify Defender for Business/Endpoint availability
    • Go to security.microsoft.com
    • Navigate to Assets → Devices and ensure your Defender for Business / Defender for Endpoint instance is set up in the tenant.
  2. Enable Intune connection in Defender portal
    • Go to System → Settings → Endpoints
    • Ensure that the Microsoft Intune connection is turned ON.
  3. Confirm Defender connection in Intune admin center
    • Go to intune.microsoft.com
    • Navigate to Endpoint Security → Microsoft Defender for Endpoint
    • Ensure the Connection status is Enabled.
  4. Set up Apple MDM Push Certificate
    • In the Intune admin center, go to Devices → macOS → Enrollment
    • Ensure the Apple MDM Push Certificate is active.
  5. Import policies
  6. Onboarding package
    • Download your macOS onboarding package from the Defender portal. Follow the instructions in the policy description.
    • Replace the .xml file inside the policy [macOS] - MDE Onboarding package with the downloaded one.
  7. [ONLY FOR OFFBOARDING] SKIP THIS AND GO TO STEP 8 IF YOU DON'T NEED TO OFFBOARD DEVICES
    • Follow the instructions in the policy [macOS] - MDE Offboarding package.
    • ⚠️ Do not assign this policy unless you actually need to offboard devices from Defender for Endpoint.
  8. Assign policies in Devices → macOS → Configuration
    • Assign all policies except the "[MacOS]- MDE Offboarding package" to your security Device Group or All Devices.
  9. Set Defender macOS app as required in Apps → macOS
    • Microsoft Defender for Endpoint (macOS app) must be assigned as Required to the same Device Group / All Devices.
  10. Test onboarding by enrolling your test device(s) to Intune
    • On a macOS device, go to aka.ms/enrollmymac
    • The Mac should be automatically enrolled into Defender for Endpoint after device enrollment without any manual steps.
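
To confirm the result of the onboarding test in the last setup step from the Mac itself, the following added example (not part of this repository) parses the output of the Defender agent's `mdatp health` command. It assumes the `name : value` line layout of that output; the sample report and its all-zero org_id are constructed.

```shell
#!/bin/sh
# Added example: check `mdatp health` output for a completed onboarding.

# Constructed sample of `mdatp health` output (values are made up).
SAMPLE_HEALTH='healthy                                     : true
licensed                                    : true
org_id                                      : "00000000-0000-0000-0000-000000000000"
real_time_protection_enabled                : true'

# health_field NAME: read health text on stdin and print the value of NAME,
# with padding and surrounding quotes removed. Prints nothing if absent.
health_field() {
    awk -v key="$1" '
        {
            k = $0; sub(/[ \t]*:.*$/, "", k); sub(/^[ \t]+/, "", k)
            if (k != key) next
            v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            gsub(/"/, "", v)
            print v; exit
        }'
}

# check_onboarding: read health text on stdin; return 0 only when the agent
# reports healthy, licensed, and bound to a tenant (non-empty org_id).
check_onboarding() {
    report=$(cat)
    rc=0
    for f in healthy licensed; do
        v=$(printf '%s\n' "$report" | health_field "$f")
        if [ "$v" != "true" ]; then
            echo "FAIL: $f=${v:-<missing>}" >&2
            rc=1
        fi
    done
    org=$(printf '%s\n' "$report" | health_field org_id)
    if [ -z "$org" ]; then
        echo "FAIL: org_id is empty (onboarding package not applied?)" >&2
        rc=1
    fi
    return $rc
}

# Use the live agent when present, otherwise the constructed sample.
if command -v mdatp >/dev/null 2>&1; then
    mdatp health | check_onboarding && echo "onboarded"
else
    printf '%s\n' "$SAMPLE_HEALTH" | check_onboarding && echo "sample report: onboarded"
fi
```

An empty org_id with the app installed usually points at the onboarding package policy not having reached the device, while `licensed : false` points at the tenant or license side.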

✅ Summary

With EasyDefenderMacOS, onboarding and offboarding macOS devices into/from Microsoft Defender for Endpoint becomes much easier, without many manual tasks!
