Microsoft Defender for Endpoint on Mac

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

This topic describes how to install, configure, update, and use Defender for Endpoint on Mac.

Note

Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint on Mac EDR functionality after configuring the antivirus functionality to run in Passive mode.

What's new in the latest release

What's new in Microsoft Defender for Endpoint

What's new in Microsoft Defender for Endpoint on Mac

Tip

If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint on Mac on your device and navigating to Help > Send feedback.

To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device.

How to install Microsoft Defender for Endpoint on Mac

Prerequisites

  • A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
  • Beginner-level experience in macOS and BASH scripting
  • Administrative privileges on the device (in case of manual deployment)

Installation instructions

There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.

System requirements

The three most recent major releases of macOS are supported.

Important

On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on New configuration profiles for macOS Catalina and newer versions of macOS.

Important

Support for macOS 10.13 (High Sierra) has been discontinued as of February 15th, 2021.

  • 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave)
  • Disk space: 1GB

Beta versions of macOS are not supported.

After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.

Licensing requirements

Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:

  • Microsoft 365 E5 (M365 E5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 (M365 A5)

Note

Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.

Network connections

The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

Spreadsheet of domains list
Description: Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

Download the spreadsheet here: mdatp-urls.xlsx.

Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:

  • Proxy autoconfig (PAC)
  • Web Proxy Autodiscovery Protocol (WPAD)
  • Manual static proxy configuration

If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted to the previously listed URLs.

Warning

Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.

SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.

To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.

If you prefer the command line, you can also check the connection by running the following command in Terminal:

curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'

The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report

OK https://cdn.x.cp.wd.microsoft.com/ping
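
The same check in a form that can be scripted across several devices, as an added example that is not part of the original Microsoft documentation. It accepts only an exact "OK" body for each of the two test URLs above, so a block page returned by a filtering proxy is not mistaken for success. The function names, the `--live` switch and the sample results are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scripted form of the curl connectivity check.
# The two URLs are the test endpoints given on this page.
MDE_TEST_URLS='https://x.cp.wd.microsoft.com/api/report
https://cdn.x.cp.wd.microsoft.com/ping'

# Constructed sample: the first URL answers OK, the second returns a
# proxy block page instead of the service's reply.
SAMPLE_RESULTS='OK https://x.cp.wd.microsoft.com/api/report
<html>Access denied by proxy</html> https://cdn.x.cp.wd.microsoft.com/ping'

# Query each test URL (needs network access) and print "<body> <url>".
# --max-time bounds connections that a firewall drops silently.
fetch_results() {
    for url in $MDE_TEST_URLS; do
        body=$(curl -s --max-time 10 "$url") || body="curl-error-$?"
        printf '%s %s\n' "$body" "$url"
    done
}

# Read result lines on stdin and print every test URL that has no exact
# "OK <url>" line. Returns 0 only if all URLs answered OK.
blocked_urls() {
    results=$(cat)
    rc=0
    for url in $MDE_TEST_URLS; do
        if ! printf '%s\n' "$results" | grep -qxF "OK $url"; then
            printf '%s\n' "$url"
            rc=1
        fi
    done
    return "$rc"
}

# "--live" checks the real endpoints; the default evaluates the sample.
if [ "${1:-}" = "--live" ]; then
    fetch_results | blocked_urls
    exit $?
else
    printf '%s\n' "$SAMPLE_RESULTS" | blocked_urls || true
fi
```

Run with `--live`, the script prints each unreachable or intercepted URL and exits non-zero if any is found, which makes it usable as a pre-deployment check.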

Note

We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:

mdatp connectivity test

How to update Microsoft Defender for Endpoint on Mac

Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.

How to configure Microsoft Defender for Endpoint on Mac

Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender for Endpoint on Mac.

macOS kernel and system extensions

In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint on Mac update that leverages system extensions instead of kernel extensions. For relevant details, see What's new in Microsoft Defender for Endpoint on Mac.

Resources