Microsoft Defender for Endpoint on macOS helps organizations prevent, detect, investigate, and respond to advanced threats on Mac devices. Built natively on Apple's system extension architecture, it delivers enterprise-grade protection optimized for macOS workloads - from software development to content creation - with seamless integration into your existing security operations through the Microsoft Defender portal.
The following table describes capabilities in Defender for Endpoint on macOS:
| Category | Description |
|---|---|
| Next-generation protection | Defender for Endpoint on macOS includes next-generation antivirus protection powered by local and cloud-based machine learning, behavioral monitoring, and heuristics. Cloud protection provides near-instant detection and blocking of new and emerging threats, including infostealers, supply chain attacks, and other threats targeting macOS. You can configure security settings including antivirus, cloud protection, and scan options, detect and block potentially unwanted applications, and define custom indicators of compromise for IP addresses and URLs. Network protection and web protection help protect your Mac devices from web-based threats by controlling connections to malicious or unwanted sites. Tamper protection safeguards security settings from unauthorized changes. Device control lets you monitor and restrict access to removable media - including USB storage, Bluetooth, and other peripherals - with granular policies deployed through Intune or JAMF. |
| Endpoint detection and response (EDR) | Defender for Endpoint on macOS uses AI and advanced analytics to detect and respond to threats in close to real time. The Microsoft Defender portal at https://security.microsoft.com provides a central location to view detections and manage your organization's devices. You can use advanced hunting to query raw event data and gain deeper insight into activity on your Mac endpoints. Response actions include running antivirus scans, isolating devices, collecting investigation packages, and collecting files for deep analysis. Live response provides remote shell connections for in-depth investigations directly on macOS devices. |
| Posture management | Defender for Endpoint on macOS provides risk-based vulnerability management with intelligent prioritization, remediation, and tracking to help you manage and secure your Mac devices. Your security team gains a comprehensive view of your organization's exposure score, security recommendations, remediation activities, and software inventory for your macOS fleet. |
| Streamlined management and operations | Defender for Endpoint on macOS integrates with the management tools your organization already uses, including Microsoft Intune, JAMF, and other MDM solutions. You can configure security settings centrally, and security settings management lets you manage security policies directly from the Microsoft Defender portal without requiring full Intune enrollment. Software updates are delivered through Microsoft AutoUpdate (MAU), ensuring your Mac fleet stays current with the latest protection. Defender for Endpoint also provides a comprehensive set of management APIs for programmatic access to device management, vulnerability management, and threat intelligence. |
| Seamless integration and extensibility | Microsoft Defender for Endpoint on macOS is built on system extensions, fully aligned with Apple's security architecture for long-term stability and compatibility. The sensor is optimized for macOS workloads, with native support for both Intel and Apple Silicon (Mx) processors. Defender for Endpoint integrates seamlessly with the broader Microsoft Defender suite, offering extensibility through API integration, SIEM connectors, Power BI support, and role-based access control (RBAC). |
Important
If you want to run multiple security solutions side by side, see Considerations for performance, configuration, and support.
You might have already configured mutual security exclusions for devices onboarded to Microsoft Defender for Endpoint. If you still need to set mutual exclusions to avoid conflicts, see Add Microsoft Defender for Endpoint to the exclusion list for your existing solution.
What's new in the latest release
To learn about what's new in Endpoint security, see the latest updates.
What's new in Microsoft Defender for Endpoint
What's new in Microsoft Defender for Endpoint on Mac
If you have feedback to share, open Microsoft Defender for Endpoint on your Mac device, and then go to Help > Send feedback.
To get the latest features, including preview capabilities, configure your macOS device running Defender for Endpoint to use the Beta channel (formerly Insider-Fast).