Microsoft Defender for Endpoint on macOS prerequisites

This article lists the prerequisites for installing and configuring Microsoft Defender for Endpoint on macOS. It also includes links to additional resources for more information.

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Important

If you want to run multiple security solutions side by side, see Considerations for performance, configuration, and support.

You might have already configured mutual security exclusions for devices onboarded to Microsoft Defender for Endpoint. If you still need to set mutual exclusions to avoid conflicts, see Add Microsoft Defender for Endpoint to the exclusion list for your existing solution.

Prerequisites, installation, and configuration instructions

Prerequisites

System requirements

The three most recent major releases of macOS are supported:

  • 15.0.1 (Sequoia)
  • 14 (Sonoma)
  • 13 (Ventura)

Note

Beta versions of macOS aren't supported, but new releases of macOS are supported from day 1.

  • Supported processors: x64 and ARM64
  • Disk space: 1 GB

Caution

We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

Enterprise deployment requirements

There are several methods and deployment tools that you can use to centrally install and configure Defender for Endpoint on macOS across your devices:

Manual deployment requirements

You can also configure Defender for Endpoint on macOS locally.

Licensing requirements

Microsoft Defender for Endpoint on macOS requires one of the following Microsoft Volume Licensing offers:

  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Microsoft 365 A5
  • Windows 10 Enterprise E5
  • Microsoft 365 Business Premium
  • Windows 11 Enterprise E5
  • Microsoft Defender for Endpoint P2 (included in Microsoft 365 E5 and E5 Security)
  • Microsoft Defender for Endpoint P1 (included in Microsoft 365 E3)

Note

Eligible licensed users might use Microsoft Defender for Endpoint on up to five concurrent devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it doesn't require the Microsoft Volume Licensing offers listed.

Network connectivity

Ensure that connectivity is possible from your devices to Microsoft Defender for Endpoint cloud services. To prepare your environment, reference STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service.

Microsoft Defender for Endpoint can connect through a proxy server by using the following methods:

  • Proxy autoconfig (PAC)
  • Web Proxy Autodiscovery Protocol (WPAD)
  • Manual static proxy configuration

If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted for the previously listed URLs.

Warning

Authenticated proxies aren't supported. Ensure that only PAC, WPAD, or a static proxy is being used. SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store doesn't allow for interception.

Next steps

Onboard client devices to Microsoft Defender for Endpoint

Onboarding Microsoft Defender for Endpoint for macOS requires the following steps:

  • First, ensure that the device meets the system requirements and network connectivity requirements.
  • Next, install the .pkg containing the software.
  • Next, install the required system extensions.
  • Finally, onboard the device to Microsoft Defender for Endpoint.

See Onboard client devices running macOS to Microsoft Defender for Endpoint for details.

Test network connectivity

To test that a connection isn't blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.

If you prefer the command line, you can also check the connection by running the following command in Terminal:

curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'

The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping

Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:

mdatp connectivity test
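
The system requirements and the curl connectivity check above, combined into one preflight script. This is an added example, not part of the original article or of Microsoft's tooling. The function names, the `--run` switch, measuring free space with `df -k /`, and treating macOS versions outside the listed set as unsupported are assumptions.

```shell
#!/bin/sh
# Added example (not Microsoft's code): preflight for this page's prerequisites.
MDE_URLS='https://x.cp.wd.microsoft.com/api/report https://cdn.x.cp.wd.microsoft.com/ping'

# macOS: 13 and 14 are listed; for 15 the page lists 15.0.1.
# Assumption: any version outside that list is reported as unsupported.
version_supported() {
  case "${1%%.*}" in
    13|14) return 0 ;;
    15) case "$1" in 15|15.0|15.0.0) return 1 ;; *) return 0 ;; esac ;;
    *) return 1 ;;
  esac
}

# Processors: x64 and ARM64 (uname -m prints x86_64 or arm64 on macOS).
arch_supported() { case "$1" in x86_64|arm64) return 0 ;; *) return 1 ;; esac; }

# Disk space: 1 GB. Assumption: measured as free 1K blocks on the boot volume.
disk_ok() { [ "$1" -ge 1048576 ]; }

# SIP: csrutil prints "System Integrity Protection status: enabled."
sip_enabled() { case "$1" in *"status: enabled"*) return 0 ;; *) return 1 ;; esac; }

# Connectivity: the page's curl command prints "OK <url>" for each reachable URL.
# Prints how many of the two URLs lack an exact "OK <url>" line in the output.
count_blocked() {
  blocked=0
  for url in $MDE_URLS; do
    printf '%s\n' "$1" | grep -qxF "OK $url" || blocked=$((blocked + 1))
  done
  echo "$blocked"
}

# Gather live values on the Mac and report; SIP is a recommendation, so it warns.
preflight() {
  rc=0
  version_supported "$(sw_vers -productVersion)" || { echo "FAIL: macOS version"; rc=1; }
  arch_supported "$(uname -m)" || { echo "FAIL: processor"; rc=1; }
  disk_ok "$(df -k / | awk 'NR==2 {print $4}')" || { echo "FAIL: under 1 GB free"; rc=1; }
  sip_enabled "$(csrutil status)" || echo "WARN: SIP is not enabled"
  out=$(curl -s -w ' %{url_effective}\n' $MDE_URLS)
  [ "$(count_blocked "$out")" -eq 0 ] || { echo "FAIL: Defender URLs blocked"; rc=1; }
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run with `--run` on the Mac being prepared, the script exits non-zero if any FAIL line is printed. A response body rewritten by an intercepting proxy or captive portal counts as blocked because the line no longer matches `OK <url>` exactly.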

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.