Microsoft Intune-based deployment

Applies to:

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac


This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Prerequisites and system requirements

Before you get started, please see the main Microsoft Defender ATP for Mac page for a description of prerequisites and system requirements for the current software version.

Download installation and onboarding packages

Download the installation and onboarding packages from Microsoft Defender Security Center:

  1. In Microsoft Defender Security Center, go to Settings > Device Management > Onboarding.

  2. In Section 1 of the page, set the operating system to Linux, macOS, iOS or Android and the deployment method to Mobile Device Management / Microsoft Intune.

  3. In Section 2 of the page, select Download installation package. Save it as wdav.pkg to a local directory.

  4. In Section 2 of the page, select Download onboarding package. Save it as to the same directory.

  5. Download IntuneAppUtil from

    Windows Defender Security Center screenshot

  6. From a command prompt, verify that you have the three files. Extract the contents of the .zip files:

    mavel-macmini:Downloads test$ ls -l
    total 721688
    -rw-r--r--  1 test  staff     269280 Mar 15 11:25 IntuneAppUtil
    -rw-r--r--  1 test  staff      11821 Mar 15 09:23
    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
    mavel-macmini:Downloads test$ unzip
    warning: appears to use backslashes as path separators
      inflating: intune/kext.xml
      inflating: intune/WindowsDefenderATPOnboarding.xml
      inflating: jamf/WindowsDefenderATPOnboarding.plist
    mavel-macmini:Downloads test$
  7. Make IntuneAppUtil an executable:

    mavel-macmini:Downloads test$ chmod +x IntuneAppUtil

  8. Create the wdav.pkg.intunemac package from wdav.pkg:

    mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "" -n "1.0.0"
    Microsoft Intune Application Utility for Mac OS X
    Copyright 2018 Microsoft Corporation
    Creating intunemac file for /Users/test/Downloads/wdav.pkg
    Composing the intunemac file output
    Output written to ./wdav.pkg.intunemac.
    IntuneAppUtil successfully processed "wdav.pkg",
    to deploy refer to the product documentation.

Client device setup

You need no special provisioning for a Mac device beyond a standard Company Portal installation.

  1. You'll be asked to confirm device management.

Confirm device management screenshot

Select Open System Preferences, locate Management Profile on the list and select Approve.... Your Management Profile would be displayed as Verified:

Management profile screenshot

  1. Select Continue and complete the enrollment.

You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.

  1. In Intune, open Manage > Devices > All devices. You'll see your device among those listed:

Add Devices screenshot

Create System Configuration profiles

  1. In Intune, open Manage > Device configuration. Select Manage > Profiles > Create Profile.

  2. Choose a name for the profile. Change Platform=macOS to Profile type=Custom. Select Configure.

  3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.

  4. Select OK.

    System configuration profiles screenshot

  5. Select Manage > Assignments. In the Include tab, select Assign to All Users & All devices.

  6. Repeat steps 1 through 5 for additional profiles.

  7. Create a new profile one more time, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.

  8. Select Manage > Assignments. In the Include tab, select Assign to All Users & All devices.

Once the Intune changes are propagated to the enrolled devices, you'll see them listed under Monitor > Device status:

System configuration profiles screenshot

Publish application

  1. In Intune, open the Manage > Client apps blade. Select Apps > Add.

  2. Select App type=Other/Line-of-business app.

  3. Select file=wdav.pkg.intunemac. Select OK to upload.

  4. Select Configure and add the required information.

  5. Use macOS Sierra 10.12 as the minimum OS. Other settings can be any arbitrary value.

    Device status blade screenshot

  6. Select OK and Add.

    Device status blade screenshot

  7. It may take a few moments to upload the package. After it's done, select the package from the list and go to Assignments and Add group.

    Client apps screenshot

  8. Change Assignment type to Required.

  9. Select Included Groups. Select Make this app required for all devices=Yes. Select Select group to include and add a group that contains the users you want to target. Select OK and Save.

    Intune assignments info screenshot

  10. After some time the application will be published to all enrolled devices. You'll see it listed on Monitor > Device, under Device install status:

    Intune device status screenshot

Verify client device state

  1. After the configuration profiles are deployed to your devices, open System Preferences > Profiles on your Mac device.

    System Preferences screenshot System Preferences Profiles screenshot

  2. Verify that the following configuration profiles are present and installed. The Management Profile should be the Intune system profile. Wdav-config and wdav-kext are system configuration profiles that we added in Intune.: Profiles screenshot

  3. You should also see the Microsoft Defender icon in the top-right corner:

    Microsoft Defender icon in status bar screenshot

Logging installation issues

See Logging installation issues for more information on how to find the automatically generated log that is created by the installer when an error occurs.


See Uninstalling for details on how to remove Microsoft Defender ATP for Mac from client devices.