One Of A Kind Defense Mac OS
Applies to:
Sun refugee Bill Joy talks about greedy markets, reckless science, and runaway technology. On the plus side, there’s still some good software out there. There are geeks and then there’s Bill. The Apple One free trial includes only services that you are not currently using through a free trial or a subscription. Plan automatically renews after trial until cancelled. Restrictions and other terms apply. $4.99/month after free trial. One subscription per Family Sharing group. Offer good for 3 months after eligible device activation. Using Adium to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email. Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for. The Apple One free trial includes only services that you are not currently using through a free trial or a subscription. Plan automatically renews after trial until cancelled. Restrictions and other terms apply. $4.99/month after free trial. One subscription per Family Sharing group. Offer good for 3 months after eligible device activation.
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
This topic describes how to install, configure, update, and use Defender for Endpoint on Mac.
Caution
Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint on Mac EDR functionality after configuring the antivirus functionality to run in Passive mode.
What’s new in the latest release
Tip
If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint on Mac on your device and navigating to Help > Send feedback.
To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an 'Insider' device.
How to install Microsoft Defender for Endpoint on Mac
Prerequisites
- A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
- Beginner-level experience in macOS and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
Installation instructions
There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.
Third-party management tools:
Command-line tool:
System requirements
One Of A Kind Defense Mac Os Update
The three most recent major releases of macOS are supported.
Important
On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on New configuration profiles for macOS Catalina and newer versions of macOS.
Important
Support for macOS 10.13 (High Sierra) has been discontinued as of February 15th, 2021.
- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave)
- Disk space: 1GB
Beta versions of macOS are not supported.
macOS devices with M1 processors are not supported.
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
Licensing requirements
Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:
- Microsoft 365 E5 (M365 E5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
Note
Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices.Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
Network connections
The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
| Spreadsheet of domains list | Description |
|---|---|
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS. Download the spreadsheet here: mdatp-urls.xlsx. |
Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
- Proxy autoconfig (PAC)
- Web Proxy Autodiscovery Protocol (WPAD)
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
Warning
Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.
If you prefer the command line, you can also check the connection by running the following command in Terminal:
The output from this command should be similar to the following:
OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping
Caution
We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
How to update Microsoft Defender for Endpoint on Mac
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.
How to configure Microsoft Defender for Endpoint on Mac
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender for Endpoint on Mac.
macOS kernel and system extensions
In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint on Mac update that leverages system extensions instead of kernel extensions. For relevant details, see What's new in Microsoft Defender for Endpoint on Mac.
Resources
For more information about logging, uninstalling, or other topics, see Resources for Microsoft Defender for Endpoint on Mac.
Privacy for Microsoft Defender for Endpoint on Mac.
NOTE: This guide is not being actively reviewed or updated, and is currently retired. If you would like to use Adium or another form of OTR messaging for macOS, please refer to those services’ websites and documentation for information on how to install and use them.
Adium is a free and open source instant messaging client for OS X that allows you to chat with individuals across multiple chat protocols, including Google Hangouts, Yahoo! Messenger, Windows Live Messenger, AIM, ICQ, and XMPP.
OTR (Off-the-record) is a protocol that allows people to have confidential conversations using the messaging tools they’re already familiar with. This should not be confused with Google's “Off the record,” which merely disables chat logging, and does not have encryption or verification capabilities. For Mac users, OTR comes built-in with the Adium client.
OTR employs end-to-end encryption. This means that you can use it to have conversations over services like Google Hangouts without those companies ever having access to the contents of the conversations. However, the fact that you are having a conversation is visible to the provider.
Why Should I Use Adium + OTR? Anchor link
When you have a chat conversation using Google Hangouts on the Google website, that chat is encrypted using HTTPS, which means the content of your chat is protected from hackers and other third parties while it’s in transit. It is not, however, protected from Google, which have the keys to your conversations and can hand them over to authorities or use them for marketing purposes.
After you have installed Adium, you can sign in to it using multiple accounts at the same time. For example, you could use Google Hangouts and XMPP simultaneously. Adium also allows you to chat using these tools without OTR. Since OTR only works if both people are using it, this means that even if the other person does not have it installed, you can still chat with them using Adium.
Adium also allows you to do out-of-band verification to make sure that you’re talking to the person you think you’re talking to and you are not being subject to a man-in-the-middle attack. For every conversation, there is an option that will show you the key fingerprints it has for you and the person with whom you are chatting. A 'key fingerprint' is a string of characters like '342e 2309 bd20 0912 ff10 6c63 2192 1928,” that’s used to verify a longer public key. Exchange your fingerprints through another communications channel, such as Twitter DM or email, to make sure that no one is interfering with your conversation. If the keys don't match, you can't be sure you're talking to the right person. In practice, people often use multiple keys, or lose and have to recreate new keys, so don't be surprised if you have to re-check your keys with your friends occasionally.
Limitations: When Should I Not Use Adium + OTR? Anchor link
Technologists have a term to describe when a program or technology might be vulnerable to external attack: they say it has a large “attack surface.” Adium has a large attack surface. It is a complex program, which has not been written with security as a top priority. It almost certainly has bugs, some of which might be used by governments or even big companies to break into computers that are using it. Using Adium to encrypt your conversations is a great defense against the kind of untargeted dragnet surveillance that is used to spy on everyone's Internet conversations, but if you think you will be personally targeted by a well-resourced attacker (like a nation-state), you should consider stronger precautions, such as PGP-encrypted email.
Installing Adium + OTR On Your Mac Anchor link
Step 1: Install the program
What Is The Latest Mac Os
First, go to https://adium.im/ in your browser. Choose “Download Adium 1.5.9.” The file will download as a .dmg, or disk image, and will probably be saved to your “downloads” folder.
Double-click on the file; that will open up a window that looks like this:
Move the Adium icon into the “Applications” folder to install the program. Once the program is installed, look for it in your Applications folder and double-click to open it.
Step 2: Set up your account(s)
First, you will need to decide what chat tools or protocols you want to use with Adium. The setup process is similar, but not identical, for each type of tool. You will need to know your account name for each tool or protocol, as well as your password for each account.
To set up an account, go to the Adium menu at the top of your screen and click “Adium” and then “Preferences.” This will open a window with another menu at the top. Select “Accounts,” then click the “+” sign at the bottom of the window. You will see a menu that looks like this:
Select the program that you wish to sign in to. From here, you will be prompted either to enter your username and password, or to use Adium’s authorization tool to sign in to your account. Follow Adium’s instructions carefully.
How to Initiate an OTR Chat Anchor link
Once you have signed in to one or more of your accounts, you can start using OTR.
Remember: In order to have a conversation using OTR, both people need to be using a chat program that supports OTR.
Step 1: Initiate an OTR Chat
First, identify someone who is using OTR, and initiate a conversation with them in Adium by double-clicking on their name. Once you have opened the chat window, you will see a small, open lock in the upper left-hand corner of the chat window. Click on the lock and select “Initiate Encrypted OTR Chat.”
Step 2: Verify Your Connection
Once you have initiated the chat and the other person has accepted the invitation, you will see the lock icon close; this is how you know that your chat is now encrypted (congratulations!) – But wait, there’s still another step!
At this time, you have initiated an unverified, encrypted chat. This means that while your communications are encrypted, you have not yet determined and verified the identity of the person you are chatting with. Unless you are in the same room and can see each other’s screens, it is important that you verify each other’s identities. For more information, read the module on Key Verification.
To verify another user’s identity using Adium, click again on the lock, and select “Verify.” You will be shown a window that displays both your key and the key of the other user. Some versions of Adium only support manual fingerprint verification. This means that, using some method, you and the person with whom you’re chatting will need to check to make sure that the keys that you are being shown by Adium match precisely.
The easiest way to do this is to read them aloud to one another in person, but that’s not always possible. There are different ways to accomplish this with varying degrees of trustworthiness. For example, you can read your keys aloud to one another on the phone if you recognize each other’s voices or send them using another verified method of communication such as PGP. Some people publicize their key on their website, Twitter account, or business card.
The most important thing is that you verify that every single letter and digit matches perfectly.
One Of A Kind Defense Mac Os X
Step 3: Disable Logging
Now that you have initiated an encrypted chat and verified your chat partner’s identity, there’s one more thing you need to do. Unfortunately, Adium logs your OTR-encrypted chats by default, saving them to your hard drive. This means that, despite the fact that they’re encrypted, they are being saved in plain text on your hard drive.
To disable logging, click “Adium” in the menu at the top of your screen, then “Preferences.” In the new window, select “General” and then disable “Log messages” and “Log OTR-secured chats.” Remember, though, that you do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you yourself have disabled logging.
Your settings should now look like this: