Microsoft is rebranding Windows Defender Advanced Threat Protection (ATP) to Microsoft Defender ATP as it’s bringing the service to Macs.
Core components of the company's unified endpoint security platform, including the new Threat & Vulnerability Management, will now be available for Mac devices.
There are two key parts for cross-platform support for Microsoft Defender ATP on Mac. Firstly, a new user interface on Mac clients called Microsoft Defender ATP. The user interface brings a similar experience to what you may have seen today on Windows 10 devices.
Microsoft Defender ATP can be installed on devices running macOS Mojave, macOS High Sierra, or macOS Sierra.
Microsoft is offering a "limited preview" of the app, which provides antimalware protection and allows end users to review and perform configuration of their protection, including:
- Running scans, including full, quick, and custom path scans
- Reviewing detected threats
- Taking actions on threats, including quarantine, remove, or allow
Users will also be able to configure advanced settings, for example:
- Disable or enable real-time protection, cloud-delivered protection, and automatic sample submission
- Add exclusions for files and paths
- Manage notifications when threats are found
- Manually chec for security intelligence updates
Some of these options can be disabled by an administrator using Microsoft Intune or other Mac management consoles to prevent end users from making changes.
The Microsoft AutoUpdate service is also installed, which ensures that the app is kept up-to-date and is connected to the cloud.
Machines with alerts and detections will be surfaced in the Microsoft Defender ATP portal, including rich context and alert process trees. Drilling deeper into individual alerts shows detailed information, including the process tree related to the alert, and further machine context.
Microsoft Defender ATP users can now apply for preview, and Microsoft will contact customers via email to confirm their participation.