Did you know: MDATP for Mac is moving to use system extensions instead of kernel extensions
Note: this message applies only to organizations with macOS devices in their environments.
In preparation for macOS 11 Big Sur, Microsoft are getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
The update is applicable to devices running macOS version10.15.4 or later.
To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
Key Points:
o Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender ATP for Mac agent update by August 10, 2020.
o Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready by September 07, 2020.
How this will affect your organization
To ensure Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version. If such configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
Review the steps below and assess the impact on your organization:
- Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version.
Even though Microsoft Defender ATP for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will ensure that even down-level devices are prepared for the day when Apple releases macOS 11 Big Sur and will ensure that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade. - Refer to this documentation for detailed configuration information and instructions: New configuration profiles for macOS Catalina and newer versions of macOS
- Monitor “what’s new for Mac” page for an announcement of the actual release of MDATP for Mac agent update: What’s new in Microsoft Defender Advanced Threat Protection for Mac
If you’d like to schedule a free one hour consultation on Microsoft 365 roadmap planning with someone from our Microsoft 365 roadmap services team please contact us
