Merge pull request #1602 from MicrosoftDocs/main

Publish main to live, Tuesday 3:30PM PDT, 10/15

Author: Stacyrch140

defender-endpoint/microsoft-defender-endpoint-mac.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 10/03/2024
+ms.date: 10/15/2024
 ---
 
 # Microsoft Defender for Endpoint on Mac
@@ -59,24 +59,18 @@ To get the latest features, including preview capabilities (such as endpoint det
 
 There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.
 
-- Third-party management tools:
-    - [Microsoft Intune-based deployment](mac-install-with-intune.md)
+- [Microsoft Intune-based deployment](mac-install-with-intune.md)
+- Non-Microsoft management tools:
     - [JAMF-based deployment](mac-install-with-jamf.md)
     - [Other MDM products](mac-install-with-other-mdm.md)
-
-- Command-line tool:
-    - [Manual deployment](mac-install-manually.md)
+- Command-line tool: [Manual deployment](mac-install-manually.md)
 
 ### System requirements
 
 These four most recent major releases of macOS are supported.
-
 - 15.0.1 (Sequoia)
-
 - 14 (Sonoma)
-
 - 13 (Ventura)
-
 - 12 (Monterey)
 
 - Supported processors: x64 and ARM64
@@ -85,24 +79,23 @@ These four most recent major releases of macOS are supported.
 
 - Beta versions of macOS aren't supported.
 
-- Important
-
-> On macOS 11 (Big Sur) and later, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](/editor/MicrosoftDocs/defender-docs-pr/defender-endpoint%2Fmicrosoft-defender-endpoint-mac.md/main/979628aa-e0a5-ba01-7de6-f03ef27b15df/mac-sysext-policies.md).
+> [!IMPORTANT]
+> On macOS 11 (Big Sur) and later, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md) and detailed in [installation instructions](#installation-instructions).
 
-After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
+After you've enabled the service, you might need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
 ### Licensing requirements
 
 Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:
 
-- Microsoft 365 E5 (M365 E5)
+- Microsoft 365 E5
 - Microsoft 365 E5 Security
-- Microsoft 365 A5 (M365 A5)
+- Microsoft 365 A5
 - Windows 10 Enterprise E5
 - Microsoft 365 Business Premium
 - Windows 11 Enterprise E5
-- Microsoft Defender for Endpoint P2
-- Microsoft Defender for Endpoint P1 (which is included in [Microsoft 365 E3 (M365 E3)](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639))
+- Microsoft Defender for Endpoint P2 (included in Microsoft 365 E5 and E5 Security)
+- Microsoft Defender for Endpoint P1 (included in [Microsoft 365 E3](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639))
 
 > [!NOTE]
 > Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices.
@@ -126,7 +119,6 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
 
 > [!WARNING]
 > Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
->
 > SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
 
 #### Test network connectivity

defender-endpoint/run-analyzer-macos-linux.md

@@ -22,39 +22,40 @@ search.appverid: met150
 # Run the client analyzer on macOS and Linux
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 
 The XMDEClientAnalyzer is used for diagnosing Microsoft Defender for Endpoint health or reliability issues on onboarded devices running either Linux, or macOS.
 
 There are two ways to run the client analyzer tool:
 
-1. Using a binary version (no Python dependency)
+1. Using a binary version (no external Python dependency)
 2. Using a Python-based solution
 
-
 ## Running the binary version of the client analyzer
 
 1. Download the [XMDE Client Analyzer Binary](https://aka.ms/XMDEClientAnalyzerBinary) tool to the macOS or Linux machine you need to investigate.\
 If you're using a terminal, download the tool by entering the following command:
 
-    ```console
+    ```bash
     wget --quiet -O XMDEClientAnalyzerBinary.zip https://aka.ms/XMDEClientAnalyzerBinary
     ```
 
 1. Verify the download.
 
    > [!NOTE]
    > The current SHA256 hash of `XMDEClientAnalyzerBinary.zip` that is downloaded from this link is: `4E972F7950EA475A21735042484CD00CED6EA70ED9CBB48B4C9405FFD2706DFA`.
+ 
    - Linux
 
-       ```console
+    ```bash
     echo '4E972F7950EA475A21735042484CD00CED6EA70ED9CBB48B4C9405FFD2706DFA XMDEClientAnalyzerBinary.zip' | sha256sum -c
     ```
 
    - macOS
 
-       ```console
+    ```bash
     echo '4E972F7950EA475A21735042484CD00CED6EA70ED9CBB48B4C9405FFD2706DFA  XMDEClientAnalyzerBinary.zip' | shasum -a 256 -c
     ```
 
@@ -63,13 +64,13 @@ If you're using a terminal, download the tool by entering the following command:
 
     If you're using a terminal, extract the files by entering the following command:
 
-    ```console
+    ```bash
     unzip -q XMDEClientAnalyzerBinary.zip -d XMDEClientAnalyzerBinary
     ```
 
 4. Change to the tool's directory by entering the following command:
 
-    ```console
+    ```bash
     cd XMDEClientAnalyzerBinary
     ```
 
@@ -84,87 +85,82 @@ If you're using a terminal, download the tool by entering the following command:
 
    - Linux
 
-     ```console
+     ```bash
      unzip -q SupportToolLinuxBinary.zip
      ```
 
    - Mac
 
-     ```console
+     ```bash
      unzip -q SupportToolMacOSBinary.zip
      ```
 
 7. Run the tool as _root_ to generate diagnostic package:
 
-   ```console
+   ```bash
    sudo ./MDESupportTool -d
    ```
 
 ## Running the Python-based client analyzer
 
 > [!NOTE]
->
-> - The analyzer depends on few extra PIP packages (sh, distro, lxml, pandas) which are installed in the OS when in root to produce the result output. If not installed, the analyzer will try to fetch it from the [official repository for Python packages](https://pypi.org/search/?q=lxml).
->
->   >[!WARNING]
->   >Running the Python-based client analyzer requires the installation of PIP packages which may cause some issues in your environment. To avoid issues from occurring, it is recommended that you install the packages into a user PIP environment.
->
-> - In addition, the tool currently requires Python version 3 or later to be installed.
->
-> - If your device is behind a proxy, then you can simply pass the proxy server as an environment variable to the mde_support_tool.sh script. For example:
-.
->   `https_proxy=https://myproxy.contoso.com:8080 ./mde_support_tool.sh"`
+> - The analyzer depends on few extra PIP packages (`decorator`, `sh`, `distro`, `lxml`, and `psutil`) which are installed in the operating system when in root to produce the result output. If not installed, the analyzer attempts to fetch it from the [official repository for Python packages](https://pypi.org/search/?q=lxml).
+> - In addition, the tool currently requires Python version 3 or later to be installed on your device.
+> - If your device is behind a proxy, then you can simply pass the proxy server as an environment variable to the `mde_support_tool.sh` script. For example: `https_proxy=https://myproxy.contoso.com:8080 ./mde_support_tool.sh"`.
+
+> [!WARNING]
+> Running the Python-based client analyzer requires the installation of PIP packages which may cause some issues in your environment. To avoid issues from occurring, it is recommended that you install the packages into a user PIP environment.
 
 1. Download the [XMDE Client Analyzer](https://aka.ms/XMDEClientAnalyzer) tool to the macOS or Linux machine you need to investigate.
 
     If you're using a terminal, download the tool by running the following command:
 
-    ```console
+    ```bash
     wget --quiet -O XMDEClientAnalyzer.zip https://aka.ms/XMDEClientAnalyzer
     ```
 
 2. Verify the download
 
    - Linux
 
-    ```console
+    ```bash
     echo 'E1C3D20516C849D8CD27257BB6084FBC2991B8F6214BF9121BB9B1446F95BB1F XMDEClientAnalyzer.zip' | sha256sum -c
     ```
 
    - macOS
 
-    ```console
+    ```bash
     echo 'E1C3D20516C849D8CD27257BB6084FBC2991B8F6214BF9121BB9B1446F95BB1F  XMDEClientAnalyzer.zip' | shasum -a 256 -c
     ```
 
 3. Extract the contents of XMDEClientAnalyzer.zip on the machine.
     If you're using a terminal, extract the files by using the following command:
 
-    ```console
+    ```bash
     unzip -q XMDEClientAnalyzer.zip -d XMDEClientAnalyzer
     ```
 
 4. Change directory to the extracted location.
 
-    ```console
+    ```bash
     cd XMDEClientAnalyzer
     ```
 
 5. Give the tool executable permission:
 
-    ```console
+    ```bash
     chmod a+x mde_support_tool.sh
     ```
 
 6. Run as a non-root user to install required dependencies:
 
-    ```console
+    ```bash
     ./mde_support_tool.sh
     ```
 
 7. To collect actual diagnostic package and generate the result archive file, run again as root:
 
-    ```console
+    ```bash
     sudo ./mde_support_tool.sh -d
     ```