What Is Microsoft Daemon Mac
The latest version of Microsoft AU Daemon is 2.1 on Mac Informer. It is a perfect match for the General category. The app is developed by Microsoft. Both Windows and Mac operating systems users can use Outlook. Mac Outlook stores mailbox data items in OLM files which are also known as database files.
- Mac Docker Config
- What Is Microsoft Database Daemon Mac
- Daemon Computing
- What Is Microsoft Daemon On My Mac
- Mac Cue
- What Is Microsoft Au Daemon Mac
- What Is Microsoft Database Daemon On My Mac
-->Applies to:
This topic describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps:
Prerequisites and system requirements
Before you get started, please see the main Microsoft Defender ATP for Mac page for a description of prerequisites and system requirements for the current software version.
In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow.
Download installation and onboarding packages
Download the installation and onboarding packages from Microsoft Defender Security Center:
In Microsoft Defender Security Center, go to Settings > Machine management > Onboarding.
In Section 1 of the page, set the operating system to Linux, macOS, iOS or Android.
Microsoft word mac date format. Set the deployment method to Mobile Device Management / Microsoft Intune.
In Section 2 of the page, select Download installation package. Save it as wdav.pkg to a local directory.
In Section 2 of the page, select Download onboarding package. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
Create JAMF policies
You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices.
Configuration Profile
The configuration profile contains a custom settings payload that includes the following:
- Microsoft Defender ATP for Mac onboarding information
- Approved Kernel Extensions payload to enable running the Microsoft kernel driver
To set the onboarding information, add a property list file that is named jamf/WindowsDefenderATPOnboarding.plist as a custom setting. To do this, select Computers > Configuration Profiles > New, and then select Application & Custom Settings > Configure. From there, you can upload the property list.
Important
You have to set the Preference Domain to com.microsoft.wdav.atp. There are some changes to the Custom Payloads and also to the Jamf Pro user interface in version 10.18 and later versions. For more information about the changes, see Configuration Profile Payload Settings Specific to Jamf Pro.
Approved Kernel Extension
To approve the kernel extension:
In Computers > Configuration Profiles select Options > Approved Kernel Extensions.
Use UBF8T346G9 for Team Id.
Privacy Preferences Policy Control
Caution
macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device.
If you previously configured Microsoft Defender ATP through JAMF, we recommend applying the following configuration.
Add the following JAMF policy to grant Full Disk Access to Microsoft Defender ATP.
Select Options > Privacy Preferences Policy Control.
Use any identifier and identifier type = Bundle.
Set Code Requirement to
identifier 'com.microsoft.wdav' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9.Set app or service to SystemPolicyAllFiles and access to Allow.
Configuration Profile's Scope
Configure the appropriate scope to specify the devices that will receive the configuration profile.
Open Computers > Configuration Profiles, and select Scope > Targets. From there, select the devices you want to target.
Save the Configuration Profile.
Use the Logs tab to monitor deployment status for each enrolled device.
Notification settings
Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all machines with Defender:
Package
Create a package in Settings > Computer Management > Packages.
Upload the package to the Distribution Point.
In the filename field, enter the name of the package. For example, wdav.pkg.
Policy
Your policy should contain a single package for Microsoft Defender.
Configure the appropriate scope to specify the computers that will receive this policy.
After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled device.
Client device setup
You'll need no special provisioning for a macOS computer, beyond the standard JAMF Enrollment.
Note
After a computer is enrolled, it will show up in the Computers inventory (All Computers).
Open Device Profiles, from the General tab, and make sure that User Approved MDM is set to Yes. If it's currently set to No, the user needs to open System Preferences > Profiles and select Approve on the MDM Profile.
After a moment, the device's User Approved MDM status will change to Yes.
You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages.
Deployment
Enrolled client devices periodically poll the JAMF Server, and install new configuration profiles and policies as soon as they are detected.
Status on the server
You can monitor deployment status in the Logs tab:
- Pending means that the deployment is scheduled but has not yet happened
- Completed means that the deployment succeeded and is no longer scheduled
Status on client device
After the Configuration Profile is deployed, you'll see the profile for the device in System Preferences > Profiles >.
Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner.
You can monitor policy installation on a device by following the JAMF log file:
You can also check the onboarding status:
licensed: This confirms that the device has an ATP license.
orgid: Your Microsoft Defender ATP org id; it will be the same for your organization.
Check onboarding status
Mac Docker Config
You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
If an Office application such as Word or Excel isn’t working correctly, sometimes restarting it will fix the problem. If that doesn’t work, you can try repairing it. When you’re done, you might need to restart your computer. Repair Office from the Control Panel. The steps to access the repair tool vary depending on your operating system.
The above command prints '1' if the product is onboarded and functioning as expected.
If the product is not healthy, the exit code (which can be checked through echo $?) indicates the problem:
- 0 if the device is not yet onboarded
- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running
Logging installation issues
See Logging installation issues for more information on how to find the automatically generated log that is created by the installer when an error occurs.
Uninstallation
This method is based on the script described in Uninstalling.
Script
Create a script in Settings > Computer Management > Scripts.
This script removes Microsoft Defender ATP from the /Applications directory:
Policy
Your policy should contain a single script:
Configure the appropriate scope in the Scope tab to specify the machines that will receive this policy.
-->Applies to:
Collecting diagnostic information
If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
Increase logging level:
Reproduce the problem
Run
sudo mdatp --diagnostic --createto backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.Restore logging level:
Logging installation issues
If an error occurs during installation, the installer will only report a general failure.
The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
Interactive uninstallation
- Open Finder > Applications. Right click on Microsoft Defender ATP > Move to Trash.
What Is Microsoft Database Daemon Mac
From the command line
Daemon Computing
sudo rm -rf '/Applications/Microsoft Defender ATP.app'sudo rm -rf '/Library/Application Support/Microsoft/Defender/'
Configuring from the command line
What Is Microsoft Daemon On My Mac
Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
Mac Cue
| Group | Scenario | Command |
|---|---|---|
| Configuration | Turn on/off real-time protection | mdatp --config realTimeProtectionEnabled [true/false] |
| Configuration | Turn on/off cloud protection | mdatp --config cloudEnabled [true/false] |
| Configuration | Turn on/off product diagnostics | mdatp --config cloudDiagnosticEnabled [true/false] |
| Configuration | Turn on/off automatic sample submission | mdatp --config cloudAutomaticSampleSubmission [true/false] |
| Configuration | Turn on PUA protection | mdatp --threat --type-handling potentially_unwanted_application block |
| Configuration | Turn off PUA protection | mdatp --threat --type-handling potentially_unwanted_application off |
| Configuration | Turn on audit mode for PUA protection | mdatp --threat --type-handling potentially_unwanted_application audit |
| Diagnostics | Change the log level | mdatp --log-level [error/warning/info/verbose] |
| Diagnostics | Generate diagnostic logs | mdatp --diagnostic --create |
| Health | Check the product's health | mdatp --health |
| Protection | Scan a path | mdatp --scan --path [path] |
| Protection | Do a quick scan | mdatp --scan --quick |
| Protection | Do a full scan | mdatp --scan --full |
| Protection | Cancel an ongoing on-demand scan | mdatp --scan --cancel |
| Protection | Request a security intelligence update | mdatp --definition-update |
| EDR | Turn on/off EDR preview for Mac | mdatp --edr --early-preview [true/false] OR mdatp --edr --earlyPreview [true/false] for versions earlier than 100.78.0 |
| EDR | Add group tag to machine. EDR tags are used for managing machine groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups | mdatp --edr --set-tag GROUP [name] |
| EDR | Remove group tag from machine | mdatp --edr --remove-tag [name] |
Client Microsoft Defender ATP quarantine directory
What Is Microsoft Au Daemon Mac
/Library/Application Support/Microsoft/Defender/quarantine/ contains the files quarantined by mdatp. The files are named after the threat trackingId. The current trackingIds is shown with mdatp --threat --list --pretty.
Microsoft Defender ATP portal information
What Is Microsoft Database Daemon On My Mac
This blog provides detailed guidance on what to expect in Microsoft Defender ATP Security Center.