Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers


Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. For more information about Microsoft Purview, see the blog announcement and the What is Microsoft Purview? article.

You can use JAMF Pro to onboard macOS devices into Microsoft Purview solutions.


Use this procedure if you have deployed Microsoft Defender for Endpoint (MDE) to your macOS devices.

Applies to:

Before you begin

Onboard devices into Microsoft Purview solutions using JAMF Pro

Onboarding a macOS device into Compliance solutions is a multiphase process.

Download the configuration files

  1. You'll need these files for this procedure.

     File needed for     Source
     Accessibility       accessibility.mobileconfig
     Full disk access    fulldisk.mobileconfig
     MDE preference      schema.json


You can download the .mobileconfig files individually or in a single combined file that contains:

  • accessibility.mobileconfig
  • fulldisk.mobileconfig

If any of these individual files is updated, you need to download either the combined file again or the single updated file individually.

Update the existing MDE Preference domain profile using the JAMF Pro console

  1. Update the schema.xml profile with the schema.json file you just downloaded.

  2. Under MDE Preference Domain Properties, choose these settings:

    • Features
      • Use System Extensions: enabled - required for network extensions on Catalina
      • Use Data Loss Prevention: enabled
  3. Choose the Scope tab.

  4. Choose the groups to deploy this configuration profile to.

  5. Choose Save.

Update the configuration profile for Grant full disk access

  1. Update the existing full disk access profile with the fulldisk.mobileconfig file.

  2. Upload the fulldisk.mobileconfig file to JAMF. Refer to Deploying Custom Configuration Profiles using JAMF Pro.

Grant accessibility access to DLP

  1. Use the accessibility.mobileconfig file you previously downloaded.

  2. Upload to JAMF as described in Deploying Custom Configuration Profiles using Jamf Pro.
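
Before uploading fulldisk.mobileconfig and accessibility.mobileconfig to JAMF, it helps to review exactly which privacy grants each file carries. The following is an added example, not part of the original article or Microsoft's tooling: it assumes the files are unsigned plist profiles using Apple's PPPC payload type, and the function names and the com.example.agent sample identifier are constructed for illustration.

```python
import plistlib
import sys

TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"  # Apple PPPC payload type


def tcc_grants(profile_bytes):
    """Return sorted (service, identifier, allowed) tuples granted by a .mobileconfig."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception as exc:  # signed (CMS-wrapped) profiles are not plain plists
        raise ValueError("not an unsigned plist profile") from exc
    grants = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue  # only privacy-preference payloads carry TCC grants
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                # Older profiles use the boolean Allowed; newer ones use Authorization.
                allowed = entry.get("Allowed", entry.get("Authorization") == "Allow")
                grants.append((service, entry.get("Identifier"), bool(allowed)))
    return sorted(grants)


def unexpected_grants(profile_bytes, expected_services):
    """Return grants for services this file is not supposed to touch."""
    return [g for g in tcc_grants(profile_bytes) if g[0] not in expected_services]


def sample_profile(service, identifier="com.example.agent"):
    """Constructed sample: a minimal profile with one PPPC grant (not Microsoft's file)."""
    entry = {"Identifier": identifier, "IdentifierType": "bundleID",
             "CodeRequirement": 'identifier "com.example.agent"', "Allowed": True}
    payload = {"PayloadType": TCC_PAYLOAD, "Services": {service: [entry]}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})


if __name__ == "__main__":
    # Usage: python3 this_script.py fulldisk.mobileconfig accessibility.mobileconfig
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for service, identifier, allowed in tcc_grants(fh.read()):
                print(f"{path}: {service} -> {identifier} allowed={allowed}")
```

Running it against the downloaded files lists every service and identifier that will receive access, so a file that grants more than Full Disk Access (SystemPolicyAllFiles) or Accessibility stands out before it reaches any device.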

Check the macOS device

  1. Restart the macOS device.

  2. Open System Preferences > Profiles.

  3. You should see:

    • Accessibility
    • Full Disk Access
    • Kernel Extension Profile
    • MAU
    • MDATP Onboarding
    • MDE Preferences
    • Management profile
    • Network filter
    • Notifications
    • System extension profile

Offboard macOS devices using JAMF Pro


Offboarding causes the device to stop sending sensor data to the portal, but data from the device, including reference to any alerts it has had, will be retained for up to 6 months.

To offboard a macOS device, follow these steps:

  1. Under MDE Preference Domain Properties, remove the values for these settings:

    • Features
      • Use System Extensions
      • Use Data Loss Prevention
  2. Choose Save.