Scope the cloned version of the – Uninstall Symantec Policy to the Macs you are deploying MDE to (this removes SEP from the Macs) and reboot them.

Clone the UNM – Default Microsoft Defender for Endpoint (Intel) and UNM – Default Microsoft Defender for Endpoint (M1) Profiles from the Full JAMF Pro Site to your Site.

Clone the UNM – Install Microsoft Defender for Endpoint and UNM – Uninstall Symantec Policies from the Full JAMF Pro Site to your Site.

And then, of course, you'll need the Standalone Defender ATP license. If not, I believe you can add it with an EMS+E3. If you already have Business Premium, that's included. So, for non-enterprise, you'll need an Intune license.

You can set up web filtering to, for example, ban porn from your corporate machines, even if they're outside your corporate network. You can set up policies, for example, to isolate an infected machine from talking to your other machines. What makes it worthwhile is that you can manage AV and security policies on all of your machines at once from a cloud dashboard. The base client on the machines is the same Windows Defender that you get on a vanilla Win10 box.

Sounds a bit convoluted, right? But it makes sense if you think about it: the entire reason Defender ATP exists is for cloud management of endpoint security.

Set up a Mac Defender Onboarding policy, assign it to a group, and enroll the Macs in Intune. I'm not sure of the procedure with Macs, but I know you can enroll them in Intune, and I know that they're compatible with Defender, so I'm fairly sure it's a similar process. As I recall, you onboard a machine via an Intune configuration policy, and then set up device compliance policies.