Mac 上的 Microsoft Defender for EndpointMicrosoft Defender for Endpoint on Mac

適用於:Applies to:

想要體驗適用於端點的 Microsoft Defender 嗎?Want to experience Microsoft Defender for Endpoint? 注册免費試用版。Sign up for a free trial.

本主題說明如何在 Mac 上安裝、設定、更新和使用 Defender for Endpoint。This topic describes how to install, configure, update, and use Defender for Endpoint on Mac.

警告

在 Mac 上執行其他協力廠商端點保護產品及 Microsoft Defender for Mac 時,可能會造成效能問題和不可預測的副作用。Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on Mac is likely to lead to performance problems and unpredictable side effects. 若非 Microsoft endpoint protection 是您環境中的絕對需求,則在將防病毒功能設定為以被動式模式執行之前,您仍然可以在 Mac EDR 功能上安全地利用 Defender for endpoint。If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint on Mac EDR functionality after configuring the antivirus functionality to run in Passive mode.

最新版本中的新功能What’s new in the latest release

適用於端點的 Microsoft Defender 新功能What's new in Microsoft Defender for Endpoint

Mac 版端點的 Microsoft Defender 新增功能What's new in Microsoft Defender for Endpoint on Mac

提示

如果您有任何您想要分享的意見反應,請在您的裝置上開啟 Microsoft Defender for Mac 上的端點,然後流覽以 協助 > 傳送意見 反應,以提交。If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint on Mac on your device and navigating to Help > Send feedback.

若要取得最新的功能,包括預覽功能 (例如 Mac 裝置的端點偵測和回應) ,請將執行 Microsoft Defender for Endpoint 的 macOS 裝置設定為「有問必答」裝置。To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device.

如何在 Mac 上為端點安裝 Microsoft DefenderHow to install Microsoft Defender for Endpoint on Mac

必要條件Prerequisites

  • 用於端點訂閱和存取 Microsoft Defender 資訊安全中心入口網站的 DefenderA Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
  • macOS 和 BASH 腳本中的初級層級體驗Beginner-level experience in macOS and BASH scripting
  • 當手動部署時,裝置上的系統管理許可權 () Administrative privileges on the device (in case of manual deployment)

安裝指示Installation instructions

您可以使用數種方法和部署工具,在 Mac 上為端點安裝和設定 Defender。There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.

系統需求System requirements

這三個最新的 macOS 主要版本都支援。The three most recent major releases of macOS are supported.

重要

在 macOS 11 (Big Sur) 上,Microsoft Defender for Endpoint 需要其他設定設定檔。On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. 如果您是現有的客戶從舊版的 macOS 升級,請務必在 MacOS Catalina 及更新版本的 macOS上部署所列于新設定設定檔的其他設定檔。If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on New configuration profiles for macOS Catalina and newer versions of macOS.

重要

MacOS 10.13 (高的塞拉里昂) 已于2021時終止。Support for macOS 10.13 (High Sierra) has been discontinued as of February 15th, 2021.

  • 11 (Big Sur) ,10.15 (Catalina) ,10.14 (Mojave) 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave)
  • 磁碟空間:1GBDisk space: 1GB

不支援 Beta 版本的 macOS。Beta versions of macOS are not supported.

不支援具有 M1 處理器的 macOS 裝置。macOS devices with M1 processors are not supported.

在您啟用服務之後,您可能需要設定網路或防火牆,以允許它和您的端點之間的輸出連線。After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.

授權需求Licensing requirements

Mac 版上的 microsoft Defender Endpoint 需要下列其中一項 Microsoft 大量授權:Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:

  • Microsoft 365 E5 (M365 E5) Microsoft 365 E5 (M365 E5)
  • Microsoft 365 E5 安全性Microsoft 365 E5 Security
  • Microsoft 365A5 (M365 A5) Microsoft 365 A5 (M365 A5)
  • Windows 10 企業版E5Windows 10 Enterprise E5
  • 適用於端點的 Microsoft DefenderMicrosoft Defender for Endpoint

注意

合格授權的使用者最多可在最多五個並行裝置上使用 Microsoft Defender 端點。Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices. Microsoft Defender for Endpoint 也可從雲端解決方案提供者 (CSP) 購買。Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). 透過 CSP 購買時,不需要列出 Microsoft 大量授權提供者。When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.

網路連線Network connections

下列可供下載的試算表會列出您網路必須能夠連線的服務及其相關 URLs。The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. 您應確定沒有防火牆或網路篩選規則可拒絕這些 URLs 的存取,否則您可能需要為他們建立一個 允許 規則。You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.

網域清單的試算表Spreadsheet of domains list 描述Description
Microsoft Defender for Endpoint URLs 試算表的縮圖影像
服務位置、地理位置和作業系統的特定 DNS 記錄試算表。Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

在這裡下載試算表: mdatp-urls.xlsxDownload the spreadsheet here: mdatp-urls.xlsx.

Microsoft Defender for Endpoint 可使用下列探索方法探索 proxy 伺服器:Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:

  • Proxy 自動設定 (PAC) Proxy autoconfig (PAC)
  • Web Proxy 自動探索通訊協定 (WPAD) Web Proxy Autodiscovery Protocol (WPAD)
  • 手動靜態 proxy 設定Manual static proxy configuration

如果 proxy 或防火牆封鎖匿名流量,請確定先前所列的 URLs 允許匿名流量。If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.

警告

不支援已驗證的 proxy。Authenticated proxies are not supported. 確定只使用 PAC、WPAD 或靜態 proxy。Ensure that only PAC, WPAD, or a static proxy is being used.

出於安全性原因,也不支援 SSL 檢查和截取 proxy。SSL inspection and intercepting proxies are also not supported for security reasons. 設定 SSL 檢查和 proxy 伺服器的例外狀況,以直接透過 Microsoft Defender for Endpoint for Endpoint URLs to to to to to to to to macOS,而不需要截獲。Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. 將您的截取憑證新增至全域存放區將不允許截取。Adding your interception certificate to the global store will not allow for interception.

若要測試連接未封鎖,請 https://x.cp.wd.microsoft.com/api/report https://cdn.x.cp.wd.microsoft.com/ping 在瀏覽器中開啟和。To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.

如果您傾向使用命令列,您也可以在終端中執行下列命令,以檢查連線:If you prefer the command line, you can also check the connection by running the following command in Terminal:

curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'

此命令的輸出應類似下列所示:The output from this command should be similar to the following:

OK https://x.cp.wd.microsoft.com/api/report

OK https://cdn.x.cp.wd.microsoft.com/ping

警告

建議您在用戶端裝置上啟用 系統完整性保護 (SIP) 。We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP 是內建的 macOS 安全性功能,可防止對作業系統的低層級篡改,且預設為啟用。SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.

安裝 Microsoft Defender for Endpoint 後,可在 Terminal 中執行下列命令來驗證連線:Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:

mdatp connectivity test

如何在 Mac 上更新 Microsoft Defender for EndpointHow to update Microsoft Defender for Endpoint on Mac

Microsoft 會定期發行軟體更新,以提升效能、安全性,並提供新功能。Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. 若要在 Mac 上更新 Microsoft Defender for Endpoint,使用名為 Microsoft AutoUpdate (MAU) 的程式。To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used. 若要深入瞭解,請參閱 在 Mac 上部署 Microsoft Defender For Endpoint 的更新To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.

如何在 Mac 上為端點設定 Microsoft DefenderHow to configure Microsoft Defender for Endpoint on Mac

有關如何在企業環境中設定產品的指引,可于 [Mac 上的 Microsoft Defender For Endpoint 的 設定偏好設定] 中取得。Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender for Endpoint on Mac.

macOS 內核和系統擴充macOS kernel and system extensions

在與 macOS 演變對齊時,我們正在準備使用系統擴充(而非核心擴充)的 Microsoft Defender for Mac 更新的端點。In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint on Mac update that leverages system extensions instead of kernel extensions. 如需相關詳細資料,請參閱 Mac 版的 Microsoft Defender For Endpoint 中的新功能For relevant details, see What's new in Microsoft Defender for Endpoint on Mac.

資源Resources