Microsoft brings Windows 10 security to Apple Macs with Defender ATP

Enterprise Mac users can now install Microsoft's next-gen antivirus for Windows 10.
Written by Liam Tung, Contributing Writer

Microsoft's enterprise security platform Windows Defender Advanced Threat Protection (ATP) can now protect macOS devices in addition to Windows 10 ones, Microsoft announced today. 

To reflect its coverage of non-Windows operating systems, Microsoft has also decided to rename its next-gen anti-malware product Microsoft Defender ATP.  

Microsoft Defender ATP for Mac is available now in limited preview and follows the February expansion of the security service beyond Windows 10 to Windows 7 and Windows 8.1.   

Microsoft Defender ATP gives customers the ability to prevent, detect, investigate, and respond to advanced malware attacks. Enterprise security teams can collect sensor data from Windows 10 and now Mac devices, store it in a private cloud instance of Microsoft Defender ATP, and then use Microsoft's cloud security analytics services to convert the data into threat intelligence.    

Customers that sign up will get "next-gen antivirus protection on Mac" for now. However, during the preview Microsoft intends to add its endpoint detection and response capabilities, which give security analysts alerts so that they can quickly investigate a breach and remediate issues on affected devices. 

Microsoft Defender ATP for Mac will also be gaining a new capability called Threat and Vulnerability Management (TVM), which will be available in a public preview by the end of April. 

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)

Microsoft notes it has been working with partners to deliver Windows Defender ATP to Mac and Linux devices while this new service for Macs is its first-party solution.   

Admins can install the Microsoft Defender ATP on macOS Mojave, High Sierra, or Sierra, which offers a similar experience and user interface as that available on Windows 10 devices.   

Users will have the option to configure advanced settings in Microsoft Defender ATP, but admins can disable these options. It also features AutoUpdate, where the app can be set to automatically receive updates. 

Macs with Microsoft Defender ATP can report alerts and detections to the Microsoft ATP portal so that admins can review them alongside Windows 10 alerts.

And for anyone doubting that a Mac couldn't benefit from Microsoft Defender ATP protection, Microsoft offers a reminder that it can detect KeRanger, the first ransomware to target macOS


In the limited preview, the app lets end users manage configurations.

Image: Microsoft

TVM, also announced today, takes a "a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations", according to Microsoft.  

TVM features as a new dashboard in the Windows Defender Security Center app, displaying an 'exposure score' and 'configuration score'. 

SEE: Cloud v. data center decision (ZDNet special report) | Download the report as a PDF (TechRepublic)

The scores are based on sensor data that provides an inventory of devices showing vulnerability and security configuration data; a software inventory, including installations, uninstallation and patches; data about vulnerable runtime libraries being loaded by other apps; and configuration data to identify devices with disabled antivirus, enabled SMBv1, and configurations that could give attacks a way to escalate privileges. 

"We're leveraging our endpoint sensors for real-time visibility, worldwide optics of Microsoft and third-party installed applications, and threat intelligence to help our customers prioritize and focus on the weaknesses that pose the highest risk to their organization right now," said Rob Lefferts, corporate vice president of Microsoft Security. 

The new features follow last month's launch of Azure Sentinel, Microsoft's "cloud-native Security Information and Event Management (SIEM) tool", and the Windows Defender ATP managed threat hunting service, Microsoft Threat Experts.

Previous and related coverage

Microsoft's new cloud security tools aim to reduce alert fatigue

In an announcement ahead of the RSA Conference, Microsoft released details of two cloud-based security tools for large organizations. 

Microsoft's Windows Defender Advanced Threat Protection service now available for Windows 7, 8.1 clients

Microsoft's Windows Defender ATP service, which provides pre- and post-breach detection and investigation, is finally generally available for Windows 7 and 8.1.

Some Windows 7, 8.1 users reporting Security Essentials and Windows Defender problems

Some Windows 7 and 8.1 users are noticing that their automatic anti-malware protection has been turned off and are seeing out-of-date virus definitions. A definition update fix is available now.

Microsoft releases Application Guard extension for Chrome and Firefox

Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live.

How virtualisation is changing Windows application security TechRepublic

Sandboxes, minimal processes, Hyper-V containers, Device Guard: virtualisation delivers a lot more than VMs in modern Windows.

How virtualisation is changing Windows application security TechRepublic

Sandboxes, minimal processes, Hyper-V containers, Device Guard: virtualisation delivers a lot more than VMs in modern Windows.

Microsoft brings Windows Defender to Chrome and Firefox CNET 

For now, the protections are only available for Windows Insiders.

Editorial standards