You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/behavior-monitor-macos.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,21 +32,22 @@ f1.keywords: NOCSH
32
32
- Microsoft Defender Antivirus
33
33
- Supported [versions of macOS](/defender-endpoint/microsoft-defender-endpoint-mac)
34
34
35
-
> [!IMPORTANT]
36
-
> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
37
-
38
35
## Overview of behavior monitoring
39
36
40
37
Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them.
41
38
42
39
## Prerequisites
43
40
44
41
- The device must be onboarded to Microsoft Defender for Endpoint.
42
+
- For the best experience, Microsoft Defender should be up-to-date with the latest version.
45
43
- The minimum Microsoft Defender for Endpoint version number must be [101.25032.0006](/defender-endpoint/mac-whatsnew#apr-2025-build-101250320006---release-version-2012503260) or newer. The version number refers to the `app_version` (also known as **Platform update**).
46
44
- Real-time protection (RTP) must be enabled.
47
45
-[Cloud-delivered protection](/defender-endpoint/mac-preferences) must be enabled.
46
+
48
47
## Deployment instructions for behavior monitoring
49
48
49
+
Behavior Monitoring will soon be on by default. You can confirm your device’s enrollment status by checking the output of ***mdatp health --details features*** in your terminal. If not already enabled, you must configure it.
50
+
50
51
To deploy behavior monitoring in Microsoft Defender for Endpoint on macOS, you must change the behavior monitoring policy using one of the following methods:
51
52
52
53
-[Intune](#intune-deployment)
@@ -239,7 +240,7 @@ Once done, disable behavior monitoring statistics:
If the issue persists, download the [XMDE Client Analyzer](https://aka.ms/XMDEClientAnalyzer), and then contact Microsoft support.
243
+
If the issue persists, especially after a reboot, download the [XMDE Client Analyzer](https://aka.ms/XMDEClientAnalyzer), and then contact Microsoft support.
0 commit comments