Microsoft Defender for Endpoint Adds Tamper Protection on macOS
Microsoft has announced that Tamper Protection is now generally available for Defender for Endpoint customers on macOS devices. The new feature prevents malicious software and unauthorized users from modifying security settings that might put a system at risk.
With Tamper Protection enabled, third-party apps won’t be able to uninstall Microsoft Defender for Endpoint from Mac machines. The feature also helps to protect important security files, configuration settings, and processes.
“Tamper protection brings an additional layer of protection in Microsoft Defender for Endpoint to elevate the endpoint security posture of organizations. Reliably securing endpoints is crucial for any organization. Enhanced tamper resilience across prevalent platforms is a great advantage for organizations seeking to continuously enhance their endpoint security,” the company explained.
How to enable Microsoft Defender for Endpoint Tamper Protection on macOS
Organizations can configure Tamper Protection on macOS devices manually or via Microsoft Intune. Once it has been set up, Microsoft Defender for Endpoint monitors tamper attempts and creates event logs to alert IT admins about potential security threats.
Microsoft notes that Tamper Protection ships with audit mode enabled by default, and it’s up to the IT admins to disable it in their tenants. The audit mode will log tampering operations such as the creation, deletion, renaming, and modification of files. In audit mode, administrators will be able to view Tamper Protection signals in local on-device logs or via Advanced Hunting.
Moreover, users can run the “mdatp health” command to check the status of the feature on their Mac devices. The “tamper_protection” field will be set to “audit,” “block,” or “disabled.”
Microsoft plans to release an update that will automatically switch endpoints to “block” mode later this year. However, this change will only apply to customers who have not manually enabled or disabled block mode.
The Tamper Protection feature will be enabled for all customers in a staggered manner over the next few weeks. This capability is available for devices running Microsoft Defender for Endpoint for macOS version 101.75.90 or later. We invite you to check out this support page for more details.
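The status check and the version requirement described above can be combined into one fleet compliance check. The following is an added example, not code from Microsoft or from this article; it assumes “mdatp health” prints “key : value” lines, that the agent version appears in an “app_version” field, and the function names and verdict strings are hypothetical.

```shell
# Added example. Assumption: `mdatp health` prints "key : value" lines and
# may wrap string values in double quotes.
MIN_VERSION="101.75.90"   # minimum agent version named in the article

# health_field NAME: read health text on stdin, print the value of NAME.
health_field() {
  awk -v key="$1" -F':' '
    { k = $1; gsub(/[ \t]/, "", k) }
    k == key {
      v = substr($0, index($0, ":") + 1)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      print v
      exit
    }'
}

# version_ge A B: succeed when dotted version A >= B, compared numerically.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# assess_tamper_protection: health text on stdin -> verdict line + exit code.
assess_tamper_protection() {
  health=$(cat)
  version=$(printf '%s\n' "$health" | health_field app_version)
  mode=$(printf '%s\n' "$health" | health_field tamper_protection)
  if ! version_ge "$version" "$MIN_VERSION"; then
    echo "UNSUPPORTED version=${version:-unknown}"; return 2
  fi
  case "$mode" in
    block)    echo "OK mode=block" ;;
    audit)    echo "WARN mode=audit"; return 1 ;;
    disabled) echo "FAIL mode=disabled"; return 1 ;;
    *)        echo "UNKNOWN mode=${mode:-missing}"; return 3 ;;
  esac
}

# Constructed sample input, not captured from a real device.
SAMPLE_HEALTH='healthy           : true
app_version       : "101.75.90"
tamper_protection : "audit"'
printf '%s\n' "$SAMPLE_HEALTH" | assess_tamper_protection || true
```

On a managed Mac, pipe the real output in with `mdatp health | assess_tamper_protection`; a non-zero exit code flags a device that is not yet in block mode.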