-->
![Firewall Firewall](/uploads/1/2/6/6/126601929/365200591.png)
![Mac firewall protection Mac firewall protection](/uploads/1/2/6/6/126601929/515472801.png)
TCPBlock is a versatile, reliable and quick application firewall for Mac OS X 10.5 developed by Delantis. TCPBlock is applied as a core component which covers the entire blocking logic. You can set it up in the TCPBlock command line utility or within the System Preferences TCPBlock advance panel. Feb 04, 2020 The features of Sophos are antivirus protection and web protection. But it lacks a firewall tool. According to many analysts, Mac already has a firewall feature that comes along with OS X. As the Sophos is available for free, it is not a major con. The antivirus and web protection provided by Sophos are strong and secure without any compromise. May 16, 2016 DoorStep X for mac DoorStep X is a paid firewall for Mac that is available for free for a 30 days trial. It comes with a setup assistant embedded inside to help you secure your Mac at its best. All the TCP services are on by default in the app and you can set protection on an address to address or service to service basis.
This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
Caution
Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring MDATP for Mac antivirus functionality to run in Passive mode.
What’s new in the latest release
Tip
If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to Help > Send feedback.
To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender ATP to be an 'Insider' device. See Enable Microsoft Defender ATP Insider Device.
How to install Microsoft Defender ATP for Mac
Prerequisites
- A Microsoft Defender ATP subscription and access to the Microsoft Defender Security Center portal
- Beginner-level experience in macOS and BASH scripting
- Administrative privileges on the device (in case of manual deployment)
Installation instructions
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
- Third-party management tools:
- Command-line tool:
System requirements
The three most recent major releases of macOS are supported.
- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
- Disk space: 650 MB
Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on January 1, 2020.
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
Network connections
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
Service location | DNS record |
---|---|
Common URLs for all locations | x.cp.wd.microsoft.com cdn.x.cp.wd.microsoft.com eu-cdn.x.cp.wd.microsoft.com wu-cdn.x.cp.wd.microsoft.com officecdn-microsoft-com.akamaized.net crl.microsoft.com events.data.microsoft.com |
European Union | europe.x.cp.wd.microsoft.com eu-v20.events.data.microsoft.com usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net winatp-gw-weu.microsoft.com winatp-gw-neu.microsoft.com |
United Kingdom | unitedkingdom.x.cp.wd.microsoft.com uk-v20.events.data.microsoft.com ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net winatp-gw-ukw.microsoft.com winatp-gw-uks.microsoft.com |
United States | unitedstates.x.cp.wd.microsoft.com us-v20.events.data.microsoft.com ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net winatp-gw-cus.microsoft.com winatp-gw-eus.microsoft.com |
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Proxy auto-config (PAC)
- Web Proxy Auto-discovery Protocol (WPAD)
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
Warning
Firewall Protection For Mac Os X Mac
Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping in a browser.
If you prefer the command line, you can also check the connection by running the following command in Terminal:
The output from this command should be similar to the following:
OK https://x.cp.wd.microsoft.com/api/report
OK https://cdn.x.cp.wd.microsoft.com/ping
Caution
We recommend that you keep System Integrity Protection (SIP) enabled on client devices. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
How to update Microsoft Defender ATP for Mac
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender ATP for Mac
How to configure Microsoft Defender ATP for Mac
![Firewall Firewall](/uploads/1/2/6/6/126601929/365200591.png)
Guidance for how to configure the product in enterprise environments is available in Set preferences for Microsoft Defender ATP for Mac.
macOS kernel and system extensions
In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit What's new in Microsoft Defender Advanced Threat Protection for Mac for relevant details.
Resources
- For more information about logging, uninstalling, or other topics, see the Resources page.
This article lists and describes the different compliance settings you can configure on macOS devices in Intune. As part of your mobile device management (MDM) solution, use these settings to set a minimum or maximum OS version, set passwords to expire, and more.
This feature applies to:
- macOS
As an Intune administrator, use these compliance settings to help protect your organizational resources. To learn more about compliance policies, and what they do, see get started with device compliance.
Before you begin
Create a compliance policy. For Platform, select macOS.
![Mac firewall protection Mac firewall protection](/uploads/1/2/6/6/126601929/515472801.png)
Device Health
- Require a system integrity protection
- Not configured (default) - This setting isn't evaluated for compliance or non-compliance.
- Require - Require macOS devices to have System Integrity Protection (opens Apple's web site) enabled.
Device Properties
- Minimum OS required
When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The device user can choose to upgrade their device. After that, they can access organization resources. - Maximum OS version allowed
When a device uses an OS version later than the version in the rule, access to organization resources is blocked. The device user is asked to contact their IT administrator. The device can't access organization resources until a rule changes to allow the OS version. - Minimum OS build version
When Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a minimum allowed build number on the device. - Maximum OS build version
When Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a maximum allowed build number on the device.
System security settings
Password
- Require a password to unlock mobile devices
- Not configured (default)
- Require Users must enter a password before they can access their device.
- Simple passwords
- Not configured (default) - Users can create passwords simple like 1234 or 1111.
- Block - Users can't create simple passwords, such as 1234 or 1111.
- Minimum password length
Enter the minimum number of digits or characters that the password must have. - Password type
Choose if a password should have only Numeric characters, or if there should be a mix of numbers and other characters (Alphanumeric). - Number of non-alphanumeric characters in password
Enter the minimum number of special characters, such as&
,#
,%
,!
, and so on, that must be in the password.Setting a higher number requires the user to create a password that is more complex. - Maximum minutes of inactivity before password is required
Enter the idle time before the user must reenter their password. - Password expiration (days)
Select the number of days before the password expires, and they must create a new one. - Number of previous passwords to prevent reuse
Enter the number of previously used passwords that can't be used.
Important
When the password requirement is changed on a macOS device, it doesn't take effect until the next time the user changes their password. For example, if you set the password length restriction to eight digits, and the macOS device currently has a six digits password, then the device remains compliant until the next time the user updates their password on the device.
Encryption
- Encryption of data storage on a device
- Not configured (default)
- Require - Use Require to encrypt data storage on your devices.
Device Security
Firewall protects devices from unauthorized network access. You can use Firewall to control connections on a per-application basis.
- Firewall
- Not configured (default) - This setting leaves the firewall turned off, and network traffic is allowed (not blocked).
- Enable - Use Enable to help protect devices from unauthorized access. Enabling this feature allows you to handle incoming internet connections, and use stealth mode.
- Incoming connections
- Not configured (default) - Allows incoming connections and sharing services.
- Block - Block all incoming network connections except the connections required for basic internet services, such as DHCP, Bonjour, and IPSec. This setting also blocks all sharing services, including screen sharing, remote access, iTunes music sharing, and more.
- Stealth Mode
- Not configured (default) - This setting leaves stealth mode turned off.
- Enable - Turn on stealth mode to prevent devices from responding to probing requests, which can be made my malicious users. When enabled, the device continues to answer incoming requests for authorized apps.
Gatekeeper
For more information, see Gatekeeper on macOS (opens Apple's web site).
- Allow apps downloaded from these locations
Allows supported applications to be installed on your devices from different locations. Your location options:- Not configured (default) - The gatekeeper option has no impact on compliance or non-compliance.
- Mac App Store - Only install apps for the Mac app store. Apps can't be installed from third parties nor identified developers. If a user selects Gatekeeper to install apps outside the Mac App Store, then the device is considered not compliant.
- Mac App Store and identified developers - Install apps for the Mac app store and from identified developers. macOS checks the identity of developers, and does some other checks to verify app integrity. If a user selects Gatekeeper to install apps outside these options, then the device is considered not compliant.
- Anywhere - Apps can be installed from anywhere, and by any developer. This option is the least secure.
Next steps
- Add actions for noncompliant devices and use scope tags to filter policies.
- Monitor your compliance policies.
- See the compliance policy settings for iOS devices.