How to Remove Microsoft Defender from Mac

Microsoft Defender

On this page, so far as the onboarding goes, you’ll have to do a few different things. Here this used to be a very manual process. Let us see How to remove Microsoft defender from Mac.

In what you had to configure as custom profiles within Microsoft Intune to configure on the mac itself, such as the kernel extension, full disk access, and things like that.

They’ve automated much of this with the app that you can now deploy through the app center and use a PowerShell script. That’ll show you to configure all the necessary configuration profiles for macOS onboarding.

Uninstall Microsoft Defender

• So here in the endpoint manager admin center, this results from running this PowerShell script. Still, it creates four configuration profiles for mac OS a step toward How to remove Microsoft defender from Mac.
• One is for onboarding, one for notification, one for kernel extension, and one for full disk access. Additionally, under the app section, it creates this macOS defender ATP.
• For macOS that you can use here to deploy, the one prerequisite you may want is to create a 365 group specifically for your macOS users.

Script

The script itself can be applied to the group and I, for example, just did macOS deployment here, and you’ll want to put all your mac users within this particular group to apply these settings for all those users.

So when they onboard their mac devices, you can then have them automatically get these specific settings, and the application can be pushed out to the device as soon as they enroll in the Intune service.

Command-Line

This is the top way you can deploy this to the devices. You can do a manual configuration on their device as well.

But if you’re thinking about total management and applying the EDR and AV capabilities. You want to do it when you’re enrolling devices in Intune. It shows you everything it’s doing here with each custom configuration profile.

Running the App

• Then also, the app itself, but you can read over these if you want it’s the biggest one you need to have in there is this kernel extension that trusts this assigned cert from Microsoft and the application itself so you can onboard that.
• The onboarding package here points to your particular tenant, giving you full disk access for heightened security features. Then this allows notifications to the users for critical things that may be coming up on their device.
• They need to be aware, so the first thing you’ll need to do here is to install the XML package file from within your defender security.

Control Center

• Center so you can go into the settings here and click on onboarding.
• Select macOS from the drop-down here, and then for this, go ahead and select mobile device management.
• And you’ll click on the download onboarding package, which will then give you this zip file on your particular computer that you’re doing.
• This one, and then from there, you’re going to go ahead and run the PowerShell Commandlets.

• Here and define where this is basically within the zip file you’ll have in tune is the folder you can also deploy this with jam as a PL IST file.

PowerShell

But we will show you how to deploy with Intune, and this is the windows defender Onboarding XML file that you will want to link to the PowerShell.

The script will prompt you to put it in the file path, so you’ll want to have this in a handy place or understand where this is here so you can link it and define this package file.

Configure GitHub Page

• So let’s go and pop into the GitHub page for the PowerShell script, so here again, you have two scripts.
• You can add all these things without assigning them to anybody, or you can go ahead and add an assignment to a group.
• So it’s up to you. The deployment group I created is the script here, and you can save this locally and then call it within PowerShell or copy and paste everything in here. I like to do it this way to assign it to that mac OS.

Defender for Malware

• For running PowerShell as administrator, I’ve already saved it.
• You can call the script, or you can paste the script in here, and you can go ahead and run it here.
• It’s saying hey, what is your admin in this account? You need to grant consent, and then if you haven’t already, it will have to ask you to sign in here.
• From there, it will ask you to put in your path, so again, this is wherever this is located for you; from there, it’ll ask you to define the azure id group.

Apple Ecosystem

• That this is going to be assigned to, so again, I’ll use my macOS deployment.
• And then it’ll go ahead and start to publish these things within the tenant so it’ll deploy the app and those custom configuration profiles we mentioned there.
• Apple system makes it hard How to remove Microsoft defender from mac.
• You can always pop back into the service itself, and in tune, you can go to devices’ macOS configuration profiles.

Real-Time Protection

• And again, I duplicated these here because I already had them, but you’ll see these populate here from there. Now, we must go on to the mac and enroll it into Intune.
• So, Go ahead and click on begin; it’s telling you what you can and can’t do as a management aspect of this, and then when you click on download profile here, it’ll pull up your system preferences and the security.
• Privacy center and the profiles listed on the mac itself so that you can approve this management profile is the same process, no matter if you’re looking at defender ATP or just onboarding in general.

Running as Admin

Just so you are aware, there’s nothing different about this, so now we can go ahead and install this management profile that’s been loaded from in tune, and you’ll have to type in your password to make these changes as an admin.

Now that that’s been verified here, we can click on done from the wizard, and this will take a couple of minutes just for things to propagate. Hope it shows How to remove Microsoft defender from mac.

Effectiveness

But we’ll begin to see specific effects in the sense of the actual antivirus icon popping up on our top toolbar and things of that nature.

So we’ll be back here when that’s done, okay, so we’re back here on the mac, and I have the ATP service fully installed now, and there are no threats. I can run scanned on-demand from this device.

Conclusion

You can also do so from the management portal, where you will typically enter it.

You may notice that it’s still in a waiting status here regarding the device install status or the user install status.

Still, in this case, it shows installed as well because we have it on there, so you want to keep an eye on that to report back for you in this portal, and then obviously, you’ll have the macOS device in the devices section of defender ATP.

Also, check: How to Record a Google Meet.