Commit

Merge branch 'public' into patch-1
denisebmsft authored Aug 27, 2024
2 parents c75ffa4 + 546e116 commit b6bcd32
Showing 2 changed files with 40 additions and 30 deletions.
39 changes: 22 additions & 17 deletions defender-endpoint/mac-jamfpro-policies.md
Expand Up @@ -14,7 +14,7 @@ ms.collection:
ms.topic: conceptual
ms.subservice: macos
search.appverid: met150
ms.date: 05/20/2024
ms.date: 08/26/2024
---

# Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro
Expand All @@ -31,7 +31,10 @@ Use this article to set up policies for Defender for Endpoint on Mac using Jamf

## Step 1: Get the Microsoft Defender for Endpoint onboarding package

1. In [Microsoft Defender XDR](https://security.microsoft.com), navigate to **Settings > Endpoints > Onboarding**.
> [!IMPORTANT]
> You must have an appropriate role assigned to view, manage, and onboard devices. For more information, see [Manage access to Microsoft Defender XDR with Microsoft Entra global roles](/defender-xdr/m365d-permissions#manage-access-to-microsoft-defender-xdr-with-microsoft-entra-global-roles).
1. In the [Microsoft Defender Portal](https://security.microsoft.com), navigate to **Settings** > **Endpoints** > **Onboarding**.

2. Select macOS as the operating system and Mobile Device Management / Microsoft Intune as the deployment method.
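
Review bot: The new step 1 writes "Microsoft Defender Portal" with a capital P, while the Step 8 text in this same file uses "Microsoft Defender portal"; use the lowercase form here as well. As rendered here, step 1 also follows the `[!IMPORTANT]` block with no blank line in between, so add one to make sure the alert closes before the numbered list starts.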

Expand All @@ -53,7 +56,7 @@ Use this article to set up policies for Defender for Endpoint on Mac using Jamf

:::image type="content" source="media/jamf-pro-configure-profile.png" alt-text="The page on which you create a new Jamf Pro dashboard." lightbox="media/jamf-pro-configure-profile.png":::

3. Enter the following details in the **General** tab:
3. On the **General** tab, specify the following details:

- **Name**: `MDE onboarding for macOS`
- **Description**: `MDE EDR onboarding for macOS`
Expand Down Expand Up @@ -144,7 +147,7 @@ Note that you must use exact `com.microsoft.wdav` as the **Preference Domain**;
curl -o ~/Documents/schema.json https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/schema/schema.json
```

2. Create a new configuration profile. Under **Computers**, go to **Configuration Profiles**, and then specify the following details on the **General** tab:
2. Create a new configuration profile. Under **Computers**, go to **Configuration Profiles**, and then, on the **General** tab, specify the following details:

:::image type="content" source="media/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="A new profile." lightbox="media/644e0f3af40c29e80ca1443535b2fe32.png":::

Expand Down Expand Up @@ -325,7 +328,7 @@ Microsoft Defender for Endpoint adds new settings over time. These new settings
:::image type="content" source="media/644e0f3af40c29e80ca1443535b2fe32.png" alt-text="The page displaying a new profile." lightbox="media/644e0f3af40c29e80ca1443535b2fe32.png":::
4. Enter the following details on the **General** tab:
4. On the **General** tab, specify the following details:
- **Name**: `MDATP MDAV configuration settings`
- **Description**: `<blank>`
Expand Down Expand Up @@ -394,11 +397,12 @@ Microsoft Defender for Endpoint adds new settings over time. These new settings
## Step 4: Configure notifications settings
These steps are applicable on macOS 11 (Big Sur) or later.
> [!NOTE]
> These steps are applicable on macOS 11 (Big Sur) or later. Even though Jamf supports notifications on macOS version 10.15 or later, Defender for Endpoint on Mac requires macOS 11 or later.
1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**.
2. Select **New**, and enter the following details in the **General** tab for **Options**:
2. Select **New**, and then, on the **General** tab, for **Options**, specify the following details:
- **Name**: `MDATP MDAV Notification settings`
- **Description**: `macOS 11 (Big Sur) or later`
Expand All @@ -408,7 +412,7 @@ These steps are applicable on macOS 11 (Big Sur) or later.
:::image type="content" source="media/c9820a5ff84aaf21635c04a23a97ca93.png" alt-text="The new macOS configuration profile page." lightbox="media/c9820a5ff84aaf21635c04a23a97ca93.png":::
- Tab **Notifications**, select **Add**, and enter the following values:
- On the **Notifications** tab, select **Add**, and specify the following values:
- **Bundle ID**: `com.microsoft.wdav.tray`
- **Critical Alerts**: Select **Disable**
- **Notifications**: Select **Enable**
Expand All @@ -419,7 +423,7 @@ These steps are applicable on macOS 11 (Big Sur) or later.
:::image type="content" source="media/7f9138053dbcbf928e5182ee7b295ebe.png" alt-text="The configuration settings mdatpmdav notifications tray." lightbox="media/7f9138053dbcbf928e5182ee7b295ebe.png":::
- Tab **Notifications**, select **Add** one more time, scroll down to **New Notifications Settings**
- On the **Notifications** tab, select **Add** one more time, and then scroll down to **New Notifications Settings**
- **Bundle ID**: `com.microsoft.autoupdate.fba`
- Configure the rest of the settings to the same values mentioned earlier
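
Review bot: The rewritten bullet "On the **Notifications** tab, select **Add** one more time, and then scroll down to **New Notifications Settings**" has no closing punctuation before its sub-items, unlike the sibling bullet that ends "specify the following values:"; end it with a colon.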
Expand Down Expand Up @@ -472,7 +476,7 @@ These steps are applicable on macOS 11 (Big Sur) or later.

:::image type="content" source="media/eaba2a23dd34f73bf59e826217ba6f15.png" alt-text="The configuration settings." lightbox="media/eaba2a23dd34f73bf59e826217ba6f15.png":::

4. Enter the following details on the **General** tab:
4. On the **General** tab, specify the following details:

- **Name**: `MDATP MDAV MAU settings`
- **Description**: `Microsoft AutoUpdate settings for MDATP for macOS`
Expand Down Expand Up @@ -531,7 +535,7 @@ These steps are applicable on macOS 11 (Big Sur) or later.

2. Select **+ New**.

3. Enter the following details on the **General** tab:
3. On the **General** tab, specify the following details:

- **Name**: `MDATP MDAV - grant Full Disk Access to EDR and AV`
- **Description**: `On macOS 11 (Big Sur) or later, the new Privacy Preferences Policy Control`
Expand Down Expand Up @@ -619,7 +623,7 @@ Alternatively, you can download [fulldisk.mobileconfig](https://github.com/micro

:::image type="content" source="media/6c8b406ee224335a8c65d06953dc756e.png" alt-text="The automatically generated social media post's description." lightbox="media/6c8b406ee224335a8c65d06953dc756e.png":::

2. Enter the following details on the **General** tab:
2. On the **General** tab, specify the following details:

- **Name**: `MDATP MDAV System Extensions`
- **Description**: `MDATP system extensions`
Expand Down Expand Up @@ -666,22 +670,23 @@ Alternatively, you can download [fulldisk.mobileconfig](https://github.com/micro

## Step 8: Configure Network Extension

As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender portal. The following policy allows the network extension to perform this functionality.
As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender portal.

These steps are applicable on macOS 11 (Big Sur) or later.
> [!NOTE]
> These steps are applicable on macOS 11 (Big Sur) or later. Even though Jamf supports notifications on macOS version 10.15 or later, Defender for Endpoint on Mac requires macOS 11 or later.

1. In the Jamf Pro dashboard, select **Computers**, then **Configuration Profiles**.

2. Select **New**, and enter the following details for **Options**:

- Tab **General**:
- On the **General** tab, specify the following values:
- **Name**: `Microsoft Defender Network Extension`
- **Description**: `macOS 11 (Big Sur) or later`
- **Category**: `None *(default)*`
- **Distribution Method**: `Install Automatically *(default)*`
- **Level**: `Computer Level *(default)*`

- Tab **Content Filter**:
- On the **Content Filter** tab, specify the following values:
- **Filter Name**: `Microsoft Defender Content Filter`
- **Identifier**: `com.microsoft.wdav`
- Leave **Service Address**, **Organization**, **User Name**, **Password**, **Certificate** blank (**Include** is *not* selected)
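
Review bot: The `[!NOTE]` added under Step 8 repeats the Step 4 wording and still says "Even though Jamf supports notifications on macOS version 10.15 or later", which is about notifications and not about the network extension or content filter this step configures; reword the second sentence for this step or keep only the macOS 11 requirement. The edit to the intro paragraph also drops "The following policy allows the network extension to perform this functionality.", the one sentence that told the reader why this profile is needed, and "Select **New**, and enter the following details for **Options**:" keeps the old "enter" wording that the rest of the commit changes to "specify".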
Expand Down Expand Up @@ -793,7 +798,7 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint

:::image type="content" source="media/57aa4d21e2ccc65466bf284701d4e961.png" alt-text="The bird Description for an automatically generated package." lightbox="media/57aa4d21e2ccc65466bf284701d4e961.png":::

6. In the **General tab**, enter the following details in **New Package**:
6. On the **General tab**, in **New Package**, specify the following details:

- **Display Name**: Leave it blank for now. Because it is reset when you choose your pkg.
- **Category**: `None (default)`
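
Review bot: In the new step 6 line the bold span covers the word "tab" (`**General tab**`), while the other edited steps in this file write `**General** tab`; move the closing asterisks. While this step is open, the context line "Leave it blank for now. Because it is reset when you choose your pkg." is a sentence fragment that could be joined into one sentence, and the image alt-text above it ("The bird Description for an automatically generated package.") does not describe a package screen.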
31 changes: 18 additions & 13 deletions defender-xdr/data-privacy.md
@@ -1,11 +1,11 @@
---
title: Microsoft Defender XDR data security and privacy
title: Data retention and data security in Microsoft Defender XDR
description: Describes the privacy and data security of the service.
ms.service: defender-xdr
f1.keywords:
- NOCSH
ms.author: macapara
author: mjcaparas
author: diannegali
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
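
Review bot: `author` changes to `diannegali` while `ms.author` stays `macapara`, so the two metadata fields no longer appear to name the same owner; update `ms.author` in the same edit if ownership moved. The `description` ("Describes the privacy and data security of the service.") also still matches the old title and says nothing about retention, which the new title leads with.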
Expand All @@ -19,25 +19,30 @@ ms.topic: conceptual
search.appverid:
- MOE150
- MET150
ms.date: 08/12/2024
ms.date: 08/19/2024
appliesto: Microsoft Defender XDR
---

# Microsoft Defender XDR data security and privacy
# Data security and retention in Microsoft Defender XDR

[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]

Microsoft Defender XDR operates in Microsoft Azure data centers in the European Union, the United Kingdom, the United States, Australia, and Switzerland. Customer data collected by the service is stored at rest in (a) the geo-location of the tenant as identified during provisioning or, (b) the geo-location as defined by the data storage rules of an online service if this online service is used by Microsoft Defender XDR to process such data.

**Applies to:**
- Microsoft Defender XDR
Customer data in pseudonymized form might also be stored in central storage and processing systems in the United States.

Microsoft Defender XDR operates in Microsoft Azure data centers in the European Union, the United Kingdom, the United States, Australia, Switzerland, and India. Customer data collected by the service is stored at rest in (a) the geo-location of the tenant as identified during provisioning or, (b) the geo-location as defined by the data storage rules of an online service if this online service is used by Microsoft Defender XDR to process such data.
The table below shows the general information on the data retention of specific service sources in Defender XDR:

Customer data in pseudonymized form might also be stored in central storage and processing systems in the United States.
|Product|Default data retention period|More information|
|:---|:---|:---|
|Microsoft Defender for Endpoint|180 days|[Defender for Endpoint data storage and privacy](/defender-endpoint/data-storage-privacy)|
|Microsoft Defender for Office 365|Varies according to feature and license|[Defender for Office 365 data retention information](/defender-office-365/mdo-data-retention)|
|Microsoft Defender for Identity|180 days|[Defender for Identity data storage and privacy](/defender-for-identity/privacy-compliance)|
|Microsoft Defender for Cloud Apps|180 days|[Defender for Cloud Apps data storage and privacy](/defender-cloud-apps/cas-compliance-trust)|
|Microsoft Entra|Varies according to feature and license|[Microsoft Entra data storage and privacy](/entra/identity/monitoring-health/reference-reports-data-retention)|
|Microsoft Sentinel|90 days for Basic logs, varies depending on pricing|[Microsoft Sentinel pricing](https://azure.microsoft.com/pricing/details/microsoft-sentinel/)|

For more information on the data storage and privacy information of the specific products, see:
- [Microsoft Defender for Endpoint data storage and privacy](/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy)
- [Microsoft Defender for Cloud Apps data security and privacy](/cloud-app-security/cas-compliance-trust)
- [Microsoft Defender for Identity data security and privacy](/defender-for-identity/privacy-compliance)
- [Microsoft 365 privacy, security, and transparency](/office365/servicedescriptions/office-365-platform-service-description/privacy-security-and-transparency#advanced-threat-protection)
> [!NOTE]
> [Advanced hunting](advanced-hunting-overview.md) lets you query up to 30 days of raw data.
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
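
Review bot: The two copies of the "operates in Microsoft Azure data centers" paragraph in this hunk differ in their region list: one ends "Australia, and Switzerland" and the other "Australia, Switzerland, and India". Confirm that the copy surviving the merge carries the intended list, since this sentence tells customers where their data is stored at rest. The H1 ("Data security and retention in Microsoft Defender XDR") and the front-matter `title` ("Data retention and data security in Microsoft Defender XDR") also order the same words differently, and the retention table that replaces the "For more information" list no longer links the "Microsoft 365 privacy, security, and transparency" page.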
