Merge pull request #1062 from YongRhee-MSFT/docs-editor/mac-install-with-intune-1722518860

Update mac-install-with-intune.md

Author: denisebmsft

defender-endpoint/mac-install-with-intune.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 05/20/2024
+ms.date: 08/01/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune
@@ -65,7 +65,7 @@ In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
-   This profile is needed for Big Sur (11) or later. It is ignored on older versions of macOS, because they use the kernel extension.
+   This profile is needed for Big Sur (11) or later. It's ignored on older versions of macOS, because they use the kernel extension.
 
 1. On the **Policies** tab, select **Create** > **New Policy**. 
 
@@ -100,7 +100,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 
 Download [netfilter.mobileconfig](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
 
-To configure network filter:
+To configure your network filter:
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
@@ -160,7 +160,7 @@ To configure Full Disk Access:
 1. Review the configuration profile. Select **Create**.
 
 > [!NOTE]
-> Full Disk Access granted through Apple MDM Configuration Profile is not reflected in System Settings => Privacy & Security => Full Disk Access.
+> Full Disk Access granted through Apple MDM Configuration Profile is not reflected in **System Settings** > **Privacy & Security** > **Full Disk Access**.
 
 ### Step 4: Background services
 
@@ -267,10 +267,10 @@ Download [accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/b
 
 ### Step 7: Bluetooth permissions
 
-   > [!CAUTION]
-   > macOS 14 (Sonoma) contains new privacy enhancements. Beginning with this version, by default, applications cannot access Bluetooth without explicit consent. Microsoft Defender for Endpoint uses it if you configure Bluetooth policies for Device Control.
+> [!CAUTION]
+> macOS 14 (Sonoma) contains new privacy enhancements. Beginning with this version, by default, applications cannot access Bluetooth without explicit consent. Microsoft Defender for Endpoint uses it if you configure Bluetooth policies for Device Control.
 
-Download [bluetooth.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/bluetooth.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles) and use the same workflow as for the Accessibility settings above to enable Bluetooth access.
+Download [bluetooth.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/bluetooth.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles) and use the same workflow as for the Accessibility settings mentioned earlier in this article to enable Bluetooth access.
 
 > [!NOTE]
 > Bluetooth granted through Apple MDM Configuration Profile is not reflected in System Settings => Privacy & Security => Bluetooth.
@@ -288,7 +288,7 @@ For more information, see [Deploy updates for Microsoft Defender for Endpoint on
 Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/microsoft_auto_update/com.microsoft.autoupdate2.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/settings/microsoft_auto_update).
 
 > [!NOTE]
-> The sample AutoUpdate2.mobileconfig from the GitHub repository has it set to Current Channel (Production).
+> The sample `AutoUpdate2.mobileconfig` from the GitHub repository has it set to Current Channel (Production).
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
@@ -316,31 +316,15 @@ Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blo
 
 ### Step 9: Microsoft Defender for Endpoint configuration settings
 
-In this step, we go over *Preferences* that enables you to configure anti-malware and EDR policies using Microsoft Defender XDR portal ([https://security.microsoft.com](https://security.microsoft.com)) **or** Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)).
+In this step, we go over *Preferences* that enables you to configure anti-malware and EDR policies using Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)).
 
-#### 9a. Set policies using Microsoft Defender portal
-
-1. Go through [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure) before setting the security policies using Microsoft Defender for Endpoint Security Settings Management.
-
-2. In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47), go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**.
-
-3. Under **Select Platform**, select **macOS**.
-
-4. Under **Select Template**, choose a template and select **Create Policy**.
-
-5. Specify a name and description for the policy, and then select **Next**.
-
-6. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or **All Users** and **All devices**.
-
-For more information about managing security settings, see:
-
-- [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration?pivots=mdssc-ga)
-- [Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/manage-security-settings-for-windows-macos-and-linux-natively-in/ba-p/3870617)
+> [!NOTE]
+> If managed via Intune, it will not allow for the device to register via the Microsoft Defender for Endpoint Security Settings Management ([Microsoft Defender XDR portal (https://security.microsoft.com)](Microsoft Defender XDR portal (https://security.microsoft.com) or)).
 
 > [!IMPORTANT]
-> The policies set via Intune will take precedence over the Microsoft Defender for Endpoint Security Settings Management.
-
-#### Set policies using Microsoft Intune
+> Important
+> Only the policies set via Intune will take effect, and the Microsoft Defender for Endpoint Security Settings Management will not be used.
+#### **Set policies using Microsoft Intune**
 
 You can manage the security settings for Microsoft Defender for Endpoint on macOS under **Setting Preferences** in Microsoft Intune.
 
@@ -372,9 +356,8 @@ In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?t
 
 1. Review the policy in **Review+Create** and select **Save**. 
 
-
 > [!TIP]
-> You can also configure network protection by appending the information from [**Network protection to help prevent macOS connections to bad sites**](network-protection-macos.md) to the .mobileconig from step 8.
+> You can also configure network protection by appending the information from [**Network protection to help prevent macOS connections to bad sites**](network-protection-macos.md) to the `.mobileconfig` from step 8.
 
 ### Step 11: Device Control for Microsoft Defender for Endpoint on macOS
 
@@ -463,7 +446,7 @@ You can visit **Apps** > **By platform** > **macOS** to see it on the list of al
 For more information, see [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](/mem/intune/apps/apps-advanced-threat-protection-macos).
 
 > [!IMPORTANT]
-> You should create and deploy the configuration profiles in the above order (step 1-13) for a successful system configuration.
+> You should create and deploy the configuration profiles in the order specified (steps 1-13) for a successful system configuration.
 
 #### Step 15: Download the onboarding package