Skip to content

Commit eddcf9a

Browse files
denisebmsftdenisebmsft
authored
Merge branch 'main' into docs-editor/mac-whatsnew-1750898710
2 parents abf9d75 + f025f00 commit eddcf9a

File tree

1 file changed

+4
-8
lines changed

1 file changed

+4
-8
lines changed

defender-endpoint/behavior-monitor-macos.md

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ ms.author: ewalsh
66
manager: deniseb
77
ms.service: defender-endpoint
88
ms.topic: overview
9-
ms.date: 06/06/2025
9+
ms.date: 06/27/2025
1010
ms.subservice: ngp
1111
audience: ITPro
1212
ms.collection:
@@ -42,13 +42,9 @@ Behavior monitoring monitors process behavior to detect and analyze potential th
4242
## Prerequisites
4343

4444
- The device must be onboarded to Microsoft Defender for Endpoint.
45-
- [Preview features](/defender-endpoint/preview) must be enabled in the [Microsoft Defender portal](https://security.microsoft.com).
46-
- The device must be in the [Beta channel](/defender-endpoint/mac-updates) (formerly `InsiderFast`).
47-
- The minimum Microsoft Defender for Endpoint version number must be Beta (Insiders-Fast): [101.24042.0002](/defender-endpoint/mac-whatsnew#may-2024-build-101240420008---release-version-2012404280) or newer. The version number refers to the `app_version` (also known as **Platform update**).
45+
- The minimum Microsoft Defender for Endpoint version number must be [101.25032.0006](/defender-endpoint/mac-whatsnew#apr-2025-build-101250320006---release-version-2012503260) or newer. The version number refers to the `app_version` (also known as **Platform update**).
4846
- Real-time protection (RTP) must be enabled.
4947
- [Cloud-delivered protection](/defender-endpoint/mac-preferences) must be enabled.
50-
- The device must be explicitly enrolled in the preview program.
51-
5248
## Deployment instructions for behavior monitoring
5349

5450
To deploy behavior monitoring in Microsoft Defender for Endpoint on macOS, you must change the behavior monitoring policy using one of the following methods:
@@ -283,12 +279,12 @@ NRI should have a low impact on network performance. Instead of holding the conn
283279
sudo mdatp config behavior-monitoring --value enabled
284280
```
285281

286-
3. Enable network protection in block mode:
282+
1. Enable network protection in block mode:
287283

288284
```Bash
289285
sudo mdatp config network-protection enforcement-level --value block
290286
```
291-
287+
292288
1. Enable network real-time inspection (NRI):
293289

294290
```Bash

0 commit comments

Comments
 (0)