Microsoft Defender brings Tamper Protection to Macs
Yet more security news, this time for Microsoft Defender for Endpoint customers using Macs, who can now set Tamper protection up on their Macs. This important protection prevents malicious software and unauthorized users modifying security settings on Macs.
Protect your Mac
Tamper Protection prevents unauthorized users from removing Microsoft Defender Endpoint from Macs. It also lets you set protection around your important security files, settings, and processes. This capability also helps important security files, processes, and configuration settings from being tampered.
“Tamper protection brings an additional layer of protection in Microsoft Defender for Endpoint to elevate the endpoint security posture of organizations. Reliably securing endpoints is crucial for any organization. Enhanced tamper resilience across prevalent platforms is a great advantage for organizations seeking to continuously enhance their endpoint security.”
Enterprises can configure Tamper Protection across their fleets manually, via Microsoft InTune or (of course), using Jamf.
Once you do set it up, the protection will monitor for attempts to tamper with the machine and capture event logs IT can use to identify incoming threats. Audit mode is enabled by default, but Microsoft plans to update this to automatically switch endpoints to block later this year.
[Also read: NIST publishes essential macOS security guide for enterprise pros]
In audit mode, you will notice the following events will be logged (audited):
- Actions to uninstall Defender for Endpoint agent
- Deletion/renaming/modification of Defender for Endpoint files
- The creation of new files under Defender for Endpoint installation location.
This is part of a package of recent protections being put in place around the Apple enterprise. Together, various companies, including Apple, Microsoft and device management firms such as Jamf, continue to address the vulnerabilities that are seeing increased use in a security aware age.
Tamper Protection is being made available to all customers across the next few weeks. The introduction is being staggered, so you may not have immediate access to this new protection. More information is available here.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.
