In this post, let’s see how to configure macOS Antivirus Policy using Intune. We will provide an overview of the importance of antivirus protection, the various settings that can be customized when creating a profile, and the steps for securing your macOS devices with Intune.
To effectively secure resources and provide access to corporate applications through Intune, it’s important for organizations to implement compliance policies, configuration profiles, and Conditional Access policies. In our previous blog post, we covered the specific steps for creating a Firewall Security profile in Intune.
Antivirus policies in Intune help security admins manage the discrete group of antivirus settings for Intune-managed devices. An Antivirus policy in Intune includes several profiles. It can prevent cyberattacks on devices and secure organizational data.
Each profile contains relevant settings for Microsoft Defender for macOS devices. The Antivirus profile replaces the need to configure the settings using .plist files. In layman's terms, plist files allow saving macOS app preferences. Occasionally they may need to be deleted to restore proper functionality to an app experiencing conflicts.
Let's quickly look at the prerequisites for creating an Antivirus Policy in Intune. All macOS versions are supported. For Intune-managed macOS devices, Microsoft Defender must be installed.
Why is It Important to Configure macOS Antivirus Policy Settings
Antivirus protection is crucial to securing organizational data on company-owned macOS devices. It is an essential initial step that must be taken alongside other configurations, such as Firewall and Disk encryption.
Antivirus is a security program that should be installed on devices to protect them from being infected by malware. The word malware comes from "malicious software" and covers any malicious software, such as viruses, worms, Trojans, and spyware. If a device has been infected by malware, a cyber attacker can capture all keystrokes and steal data from the device.
Apple designs its hardware and software with advanced technologies, which work to run apps more securely, protect data, and help keep users safe on the web. Also, the best way to keep the Mac secure is by running the latest macOS version. macOS works at the core to keep the whole system safe from malware.
How to Configure macOS Antivirus Profile Using Intune
To create an Antivirus profile, we must have the required access to the Intune portal. Follow the steps below to create a profile in the Intune portal for macOS devices.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/.
- Select Endpoint Security, and under Manage, select Antivirus. Click on Create Policy.
- In the Create a profile window, select Platform – macOS, Profile – Antivirus, and click on Create.
Once you click on the Create button on the above page, provide the Name and Description and click on Next.
Under the Configuration settings tab, select the settings to be used on the device as defined by the organization:
- Real-time protection (Require Microsoft Defender on macOS devices to use real-time Monitoring. It locates and stops malware from installing/ running. This setting can be turned off for a short time before it turns back on automatically)
- Cloud-delivered protection (By default, Microsoft Defender sends information to Microsoft about any problems it finds. Microsoft analyzes it to learn more about problems and to offer improved solutions. It works best when Automatic sample submission is set on.)
- Automatic sample submission (Sends sample files to Microsoft to help protect device users and your organization from potential threats)
- Diagnostic Data Collection (Configure how diagnostic and usage data is shared with Microsoft)
- Folders excluded from scan (With this feature, we can exclude folders from Antivirus scan)
- Files excluded from scan (With this feature, we can exclude files from Antivirus scan)
- File types excluded from scan (With this feature, we can exclude types of files (.app, .txt, etc.) from Antivirus scan)
- Processes excluded from scan (With this feature, we can exclude processes from Antivirus scan)
Here we have configured the following settings:
Real-time protection: Enabled
Cloud-delivered Protection: Enabled
Automatic sample submission: Enabled
Diagnostic Data collection: Required
On the next page, Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.
On the next page, select Assignments group (Included groups and Excluded groups) and click Next.
Assignment Group: It determines who has access to any app, policy, or configuration profile by assigning groups of users to include and exclude.
On the Review+create page, please review if any settings need to be changed, or else go ahead and create the policy.
Once the Antivirus policy is created, it will take a few minutes to get pushed to the targeted devices in the selected group. To view the push status on the list of targeted devices, follow the steps below.
To see all the device statuses, navigate to Endpoint Security, and under Manage, select Antivirus. Click on the selected policy, and on the Overview page, you can see the Profile deployment status.
Also, we can view the per user, per device, and per setting status under every Antivirus policy.
Device Status: On this page, we can see a list of devices that the Antivirus policy has been pushed to and how many of them are shown as Succeeded, Conflict, Error, and Not-Applicable.
User Status: On this page, we can see a list of users in Intune that the Antivirus policy has been pushed to and how many of them are shown as Succeeded, Conflict, Error, and Not-Applicable.
Per Setting Status: On this page, we can see a list of Antivirus Settings pushed to a list of devices; we can view the status as Succeeded, Conflict, Error, and Not-Applicable for each of the settings.
Monitor Antivirus Policy on macOS
Once the Policy gets pushed to the list of macOS devices as part of the assignment group, it may take a few minutes to reflect on the end user’s device.
Once the user has successfully logged in to the device, we can follow the steps below to check the profile status.
- Click on the Apple icon at the top-left corner.
- Select System Settings from the list of options.
- Go to Privacy & Security > Profiles. Here you can see the profiles deployed for the Antivirus settings on the Mac.
To view the settings in the profiles, double-click and open them to view the details. Here you can see the detailed status of the applied antivirus protection policy.
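The same check can be scripted. The following is an added example, not part of the original post: it audits a Defender preference payload against the four values configured above and flags overly broad exclusions. The key names (antivirusEngine, cloudService and their children) are assumed to follow Microsoft's documented com.microsoft.wdav preference schema, the "broad" lists are illustrative, and the sample plist is constructed.

```python
import plistlib

# Baseline: the four values configured in this post.
BASELINE = {
    ("antivirusEngine", "enableRealTimeProtection"): True,
    ("cloudService", "enabled"): True,
    ("cloudService", "automaticSampleSubmission"): True,
    ("cloudService", "diagnosticLevel"): "required",
}
# Illustrative (constructed) lists of exclusions too broad to leave unreviewed.
BROAD_PATHS = {"/", "/Users", "/Applications", "/tmp", "/private/tmp"}
BROAD_EXTENSIONS = {"app", "sh", "pkg", "dmg", "command"}

# Constructed sample payload; key names are an assumption (com.microsoft.wdav schema).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>antivirusEngine</key><dict>
    <key>enableRealTimeProtection</key><true/>
    <key>exclusions</key><array>
      <dict><key>$type</key><string>excludedPath</string><key>isDirectory</key><true/><key>path</key><string>/Users/</string></dict>
      <dict><key>$type</key><string>excludedFileExtension</string><key>extension</key><string>.app</string></dict>
      <dict><key>$type</key><string>excludedPath</string><key>isDirectory</key><true/><key>path</key><string>/opt/build/cache</string></dict>
    </array></dict>
  <key>cloudService</key><dict>
    <key>enabled</key><true/>
    <key>automaticSampleSubmission</key><false/>
    <key>diagnosticLevel</key><string>required</string>
  </dict>
</dict></plist>"""

def audit(plist_bytes):
    """Return a list of findings; an empty list means the baseline is met."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for (section, key), want in BASELINE.items():
        got = prefs.get(section, {}).get(key)
        if got != want:
            findings.append(f"{section}.{key}: expected {want!r}, found {got!r}")
    for exc in prefs.get("antivirusEngine", {}).get("exclusions", []):
        path = exc.get("path", "").rstrip("/") or "/"
        ext = exc.get("extension", "").lstrip(".").lower()
        if exc.get("$type") == "excludedPath" and path in BROAD_PATHS:
            findings.append(f"broad folder exclusion: {exc['path']}")
        if exc.get("$type") == "excludedFileExtension" and ext in BROAD_EXTENSIONS:
            findings.append(f"risky file type exclusion: {exc['extension']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "baseline met")
```

To audit a real device, pass the bytes of the deployed preference file to audit() in place of SAMPLE.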
To ensure the protection of company resources, organizations must prioritize implementing an Antivirus policy as the foundation of their security protocols for all company-owned macOS devices. This policy helps to secure network activity on the user’s device.
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his knowledge on Apple Mac Devices Support. He is an M.Tech graduate in System Engineering.