Hey, got a mystery to solve.

We’re using Intune and Defender as our MDM/antivirus setup in the company.

Defender is deployed via Intune with custom plist files like in the docs:
https://learn.microsoft.com/en-us/defender-endpoint/mac-install-with-intune
Used ones are now:
-Approve extensions
-Full Disk Access
-Background services
-Notifications
-Onboarding package

After recent problems with network extensions in macOS Sequoia 15.* we decided to resign from Network filter (network extension) at all.
We were deploying Network filter profile before (but we were not using it, cause we don’t use web content filtering at all and it’s disabled both in Defender and network protection is disabled in antivirus policy at Intune Endpoint security | Antivirus -> Policy).

For some reason despite deleting network extension as approved extension and no existing netfilter profile in Intune…. network extension is being installed on the endpoints and network filter is still showing up at endpoints requiring to allow content filtering (if you choose Don’t allow it popups miliion times). How to stop it from being installed and force do be allowed?

Does Defender requires network extension (com.microsoft.wdav.netext) for something else to work properly apart from web content filtering? Why is it still being pushed to the stations?

Need some guidance, tips, tricks, I’m running out of ideas.

​Hey, got a mystery to solve.We’re using Intune and Defender as our MDM/antivirus setup in the company.Defender is deployed via Intune with custom plist files like in the docs:https://learn.microsoft.com/en-us/defender-endpoint/mac-install-with-intuneUsed ones are now:-Approve extensions-Full Disk Access-Background services-Notifications-Onboarding packageAfter recent problems with network extensions in macOS Sequoia 15.* we decided to resign from Network filter (network extension) at all.We were deploying Network filter profile before (but we were not using it, cause we don’t use web content filtering at all and it’s disabled both in Defender and network protection is disabled in antivirus policy at Intune Endpoint security | Antivirus -> Policy).For some reason despite deleting network extension as approved extension and no existing netfilter profile in Intune…. network extension is being installed on the endpoints and network filter is still showing up at endpoints requiring to allow content filtering (if you choose Don’t allow it popups miliion times). How to stop it from being installed and force do be allowed?Does Defender requires network extension (com.microsoft.wdav.netext) for something else to work properly apart from web content filtering? Why is it still being pushed to the stations?Need some guidance, tips, tricks, I’m running out of ideas.  Read More

​