title: Microsoft Defender for Endpoint on macOS overview ms.reviewer: joshbregman description: An introduction and overview of Microsoft Defender for Endpoint on macOS. ms.service: defender-endpoint author: paulinbar ms.author: painbar ms.localizationpriority: medium manager: bagol audience: ITPro ms.collection:
- m365-security
- tier3
- mde-macos
ms.topic: install-set-up-deploy
ms.subservice: macos
search.appverid: met150
ms.date: 07/01/2025
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
- Microsoft Defender for Individuals
This article provides an overview of Microsoft Defender for Endpoint on macOS, including its capabilities and features. It also includes links to additional resources for more information.
This article describes how to install, configure, update, and use Defender for Endpoint on Mac.
[!INCLUDE side-by-side-scenarios]
What's new in Microsoft Defender for Endpoint
What's new in Microsoft Defender for Endpoint on Mac
Tip
If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint on Mac on your device and navigating to Help > Send feedback.
To get the latest features, including preview capabilities, configure your macOS device running Defender for Endpoint to use the Beta channel (formerly Insider-Fast).
- A Defender for Endpoint subscription and access to the Microsoft Defender portal
- Beginner-level experience in macOS and BASH scripting
- Administrative privileges on the device (in manual deployment)
There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.
- Microsoft Intune-based deployment
- Non-Microsoft management tools:
- Manual deployment via command line.
Note
Uninstalling and reinstalling Microsoft Defender is not required when performing an in-place upgrade of macOS. For certain macOS releases, Apple introduces new security or configuration requirements that require administrators to deploy additional configuration profiles via MDM. When this applies, the required changes are documented on the What’s new page. We recommend reviewing the latest What’s new updates to confirm whether any additional configuration is needed for your environment.
These three most recent major releases of macOS are supported.
-
26 (Tahoe)
-
15.0.1 (Sequoia)
-
14 (Sonoma)
-
Supported processors: x64 and ARM64 (Mx processors)
-
Disk space: 1GB
-
Beta versions of macOS aren't supported.
Important
On macOS 11 (Big Sur) and later, Defender for Endpoint requires more configuration profiles. If you're an existing customer upgrading from earlier versions of macOS, make sure to deploy the extra configuration profiles listed on New configuration profiles for macOS Big Sur and newer versions of macOS and detailed in installation instructions.
After you've enabled the service, you might need to configure your network or firewall to allow outbound connections between it and your endpoints.
Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:
- Microsoft 365 E5
- Microsoft Defender Suite
- Microsoft 365 A5
- Windows 10 Enterprise E5
- Microsoft 365 Business Premium
- Windows 11 Enterprise E5
- Microsoft Defender for Endpoint P2 (included in Microsoft 365 E5 and E5 Security)
- Microsoft Defender for Endpoint P1 (included in Microsoft 365 E3)
Note
Eligible licensed users might use Microsoft Defender for Endpoint on up to five concurrent devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it doesn't require Microsoft Volume Licensing offers listed.
When adding exclusions, be mindful of common exclusion mistakes for Microsoft Defender Antivirus.
Ensure that connectivity is possible from your devices to Microsoft Defender for Endpoint cloud services. To prepare your environment, please reference STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service.
Defender for Endpoint can connect through a proxy server by using the following methods:
- Proxy autoconfig (PAC)
- Web Proxy Autodiscovery Protocol (WPAD)
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
Warning
Authenticated proxies aren't supported. Ensure that only PAC, WPAD, or a static proxy is being used. SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store won't allow for interception.
To test that a connection isn't blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.
If you prefer the command line, you can also check the connection by running the following command in Terminal:
curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'The output from this command should be similar to the following:
OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping
Caution
We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
Once Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
mdatp connectivity testMicrosoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Defender for Endpoint on macOS, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender for Endpoint on Mac.
Starting with macOS 11 (Big Sur), Defender for Endpoint has been fully migrated from kernel extension to system extensions.
- For more information about logging, uninstalling, or other articles, see Resources for Microsoft Defender for Endpoint on macOS.
- Privacy for Microsoft Defender for Endpoint on macOS.
- Turn on Network protection for macOS