top of page
Writer's pictureJosé Lázaro Pinos

Behaviour Monitoring in Microsoft Defender for Endpoint is now available for macOS!



Behaviour Monitoring in Microsoft Defender for Endpoint is now available for macOS!


This powerful feature continuously tracks the behaviour of applications, daemons, and files across your devices. By analysing how these processes interact with the system, it can detect suspicious activities that might indicate the presence of malware or other malicious threats. Unlike traditional signature-based detection, behaviour monitoring is dynamic and does not rely on known threat patterns. Instead, it identifies unusual behaviours in real-time, allowing it to adapt and respond to new, evolving threats, including zero-day attacks and sophisticated malware variants.


Behaviour monitoring can be deployed via IntuneJamf, or third-party MDM.


A few prerequisites for enabling behaviour monitoring on macOS:

  1. Device must be onboarded to Microsoft Defender for Endpoint.

  2. Preview features must be enabled in the Microsoft XDR portal (Microsoft Security).

  3. Device must be on the Beta channel (formerly known as InsiderFast).

  4. Minimal Defender version: Beta (Insiders-Fast) 101.24042.0002 or newer (app_version).

  5. Real-Time Protection (RTP) must be enabled.

  6. Cloud-delivered protection must be enabled.

  7. Device must be explicitly enrolled into the preview.


Ready to level up your macOS security?

Check out this article for deployment steps:
 

BY:

José Lázaro Pinos,

Global Head of Consulting - VP,

Performanta



Comments


bottom of page