Re: Defender for ATP deployment MacOS, automatical...

Aazuuu · ‎03-29-2022

Hi,

We are deploying Defender for Endpoint to MacOS with WorkspaceOne.

Everything else is pretty much ok, but clients get popup to allow "Microsoft Defender would like to filter network content."

If now allowed or doing config without this popup, getting error that network event provider is not running.

Anyone got ideas, how to silently allow this to client computers, without need for user interaction?

Thanks!

ogushia · ‎04-03-2022

I have experienced similar issue when installing another EDR (Carbon Black).
In case of CB, Content Filter profile is required to approve the network extension automaticaly.
As with CB, it seems that a network extension policy needs to be deployed.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm...

I think Content Filter profile setting for MDATP will be like following.

aaronbshepherd · ‎07-13-2022

Is this working for you? I can not get it to work at all. Please Advise

ogushia · ‎08-01-2022

It seems to work fine in my test environment.
After applying the content filter profile, the popup no longer appears.

Have you set up other required profile like following?
●System extension policy
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm...

●Full disk access policy
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm...

tylerharris · ‎09-06-2022

I configured the "Content Filter" as per Microsoft's documentation and no longer receive the popup message. However, the network service is always marked as "Not Running". If I remove the content filter profile and manually click "Allow" to the popup dialog box, it shows as "Running". Any thoughts? Is this the same experience as anyone else when deploying via WS1?

All

Defender for ATP deployment MacOS, automatically allow Filter Network Content

Apple Management

Workspace ONE UEM