MDATP for Mac is moving to use system extensions instead of kernel extensions
In preparation for macOS 11 Big Sur, Microsoft is getting ready to release an update to Microsoft Defender ATP for Mac that will leverage new system extensions instead of kernel extensions. Apple will stop supporting kernel extensions starting macOS 11 Big Sur version. Therefore an update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
The update is applicable to devices running macOS version 10.15.4 or later.
- Organizations that previously opted into Microsoft Defender ATP preview features in Microsoft Defender Security Center, must be ready for Microsoft Defender ATP for Mac agent update by August 10, 2020.
- Organizations that do not participate in public previews for Microsoft Defender ATP features, must be ready by September 07, 2020.
- Action: review and assess
How this will affect your organization
To ensure Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version.
If such configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
What you need to do to prepare
Review the steps below and assess the impact on your organization:
- Deploy the specified remote configuration to eligible macOS devices before Microsoft publishes the new agent version.
- Refer to this documentation for detailed configuration information and instructions: New configuration profiles for macOS Catalina and newer versions of macOS
- Monitor “what’s new for Mac” page for an announcement of the actual release of MDATP for Mac agent update: What’s new in Microsoft Defender Advanced Threat Protection for Mac