Enable Zero Touch Enrollment of MDE on macOS devices managed by Microsoft Intune
Introduction
Microsoft Defender for Endpoint (MDE) is a unified endpoint security platform that helps protect your organization from advanced threats. MDE provides threat detection, investigation, and response capabilities across Windows, Linux, Android, and macOS devices.
To deploy MDE on macOS devices, you need to install the MDE agent and enroll the devices to the MDE service. You can use Microsoft Intune, a cloud-based device management service, to automate the installation and enrollment process. This blog post explains how to use Intune to achieve zero touch enrollment of MDE on macOS devices.
Prerequisites
Before you start, make sure you have the following:
A user assigned licenses for both MDE and Intune.
A supported macOS version (the three most recent major releases are supported).
This blog post assumes the device is already enrolled in Intune. It does not cover Intune enrollment methods; the enrollment type does not change the MDE onboarding.
Configuration Steps
The table below lists the mandatory steps for a successful MDE deployment on macOS. The Purpose column names each required configuration step; click each hyperlink to follow the guided instructions in our Learn Docs.
Step | Purpose | Type | Reference
1 | Intune Configuration Profile – Extensions | |
    Note: If you already have an existing configuration profile with a Bundle Identifier, you may want to merge the two, since Apple only supports one.
2 | Intune Configuration Profile – Custom | |
3 | | |
4 | | |
5 | | |
6 | | |
7 | Onboarding Blob | |
8 | Application – Native Intune | |
Optional Steps
Additionally, you may want to customize the MDE configuration further. Below are a few suggestions; follow the guided instructions in our Learn Docs for each.
Configuration | Short Description | Location
 | Configure Bluetooth policies for Device Control (starting with macOS 14) | Intune Custom Configuration Profile
 | Choose between Beta, Preview and Production channels | Intune Custom Configuration Profile
 | Configuration settings for AV, Exclusions and EDR | Intune Portal or Defender Portal
 | Reduce the attack surface from Internet-based events such as phishing, exploits and malicious content | Defender Portal
Deploy Device Control Policies | Removable device controls such as allow, block, read and write | Intune Portal or Defender Portal
Enable Data Loss Prevention (DLP) | Purview's DLP integration with MDE | Intune Custom Configuration Profile
Verification & Monitoring
The MDE agent will be installed and enrolled silently on the macOS devices that you targeted. The agent icon will appear on the macOS desktop menu bar at the top of the screen.
Refer to the screenshots below: click the MDE icon in the menu bar to launch the app and view details.
Additionally, you can verify the installation and enrollment status by launching the Terminal app and executing the following command: "mdatp health".
The output reports the overall MDE health status, including configuration, definitions, and device/organization IDs. Values marked [managed] reflect the policies pushed from your configuration profiles.
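The following shell script is an added example for this verification step; it is not part of the original post or of the MDE tooling. It assumes that "mdatp health" prints one "key : value" pair per line (as it does today) and checks the fields an admin cares about after zero touch enrollment: the agent is healthy, the device is licensed (onboarded), an org_id is present (the onboarding blob was applied), definitions are current, and real-time protection is on. The embedded health output is a constructed sample with placeholder identifiers, so the script runs offline; on a real device, pass the live output as shown in the last comment.

```shell
#!/bin/sh
# Constructed sample in the shape `mdatp health` prints (one "key : value" per line).
# Versions and the org_id below are placeholders, not a real tenant's values.
SAMPLE_HEALTH='healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "0.0.0.0"
app_version                                 : "000.00000.0000"
org_id                                      : "00000000-0000-0000-0000-000000000000"
definitions_status                          : "up_to_date"
real_time_protection_enabled                : true
tamper_protection                           : "audit"'

# mdatp_field <health-output> <key>
# Print the value of one key with surrounding quotes removed (empty if absent).
mdatp_field() {
    printf '%s\n' "$1" |
        awk -v k="$2" '$1 == k { sub(/^[^:]*:[[:space:]]*/, ""); print; exit }' |
        tr -d '"'
}

# check_mde_health <health-output>
# Return 0 when the agent is enrolled and healthy; print each failed check and return 1 otherwise.
check_mde_health() {
    out="$1"
    status=0
    [ "$(mdatp_field "$out" healthy)" = "true" ] \
        || { echo "FAIL: agent reports healthy != true"; status=1; }
    [ "$(mdatp_field "$out" licensed)" = "true" ] \
        || { echo "FAIL: device is not licensed (not onboarded)"; status=1; }
    [ -n "$(mdatp_field "$out" org_id)" ] \
        || { echo "FAIL: org_id is empty (onboarding blob not applied)"; status=1; }
    [ "$(mdatp_field "$out" definitions_status)" = "up_to_date" ] \
        || { echo "FAIL: definitions are not up to date"; status=1; }
    [ "$(mdatp_field "$out" real_time_protection_enabled)" = "true" ] \
        || { echo "FAIL: real-time protection is disabled"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: MDE agent is enrolled and healthy"
    return "$status"
}

# Offline demonstration against the constructed sample.
check_mde_health "$SAMPLE_HEALTH"

# On a managed Mac, run the same checks against live output:
#   check_mde_health "$(mdatp health)"
# A single field can also be read directly with the built-in flag, e.g.
#   mdatp health --field licensed
```

The parser keys on the first whitespace-delimited token of each line, so it is not affected by the column padding mdatp uses, and it stops at the first match. A non-zero exit code makes the script usable as a compliance check from a scheduled job or a device-management script.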
As an IT admin, you can open the Microsoft Defender portal to view the device's health, associated incidents, security recommendations, inventory and discovered vulnerabilities.
Click the device for more information.
Other Installation Methods
Intune is one deployment tool for MDE; however, you can choose other ways to deploy it. Below are a few callouts:
Command Line – Manual Deployment
Thanks,
Arnab Mitra
Microsoft Tech Community – Latest Blogs