- Microsoft Excel For Mac Catalina
- Microsoft Office For Mac Catalina
- Microsoft 365 For Mac Catalina
- Microsoft Word For Catalina
Microsoft AutoUpdate makes sure your copy of Office will always be up-to-date with the latest security fixes and improvements. If you are a Microsoft 365 subscriber, you'll also receive the newest features and tools. Check for updates and install. Open an Office app such as Word, then on the top menu, click Help Check for Updates.
Here's what you can do if you upgraded to Catalina on your Mac and Microsoft Office won't work anymore. $1 for 3 months. $1 for 3 months. Important: In order to upgrade to Microsoft 365 or Office 2019, your Mac needs to meet the minimum operating system and hardware requirements. With the release of macOS 10.15 Catalina, Microsoft 365 for Mac and Office 2019 for Mac currently support macOS 10.15, 10.14, and 10.13. For more information, see this article. Why is Microsoft doing this? Microsoft 365 for Mac. Do your best work with Office apps in Microsoft 365—anywhere, anytime, with anyone. For home For business Get Office apps for Mac. Start quickly with the most recent versions of Word, Excel, PowerPoint, Outlook, OneNote and OneDrive —combining the familiarity of Office and the unique Mac features you love. Apple: Microsoft Excel not working on macOS CatalinaHelpful? Please support me on Patreon: thanks & praise to God.
Important
The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.
Play avi files on mac. Note
This documentation explains the legacy method for deploying and configuring Microsoft Defender for Endpoint on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices.
The blog post MEM simplifies deployment of Microsoft Defender for Endpoint for macOS explains the new features. To configure the app, go to Settings for Microsoft Defender for Endpoint for Mac in Microsoft InTune. To deploy the app, go to Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune.
Applies to:
This topic describes how to deploy Microsoft Defender for Endpoint for Mac through Intune. A successful deployment requires the completion of all of the following steps:
Prerequisites and system requirements
Before you get started, see the main Microsoft Defender for Endpoint for Mac page for a description of prerequisites and system requirements for the current software version.
Overview
The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender for Endpoint for Macs, via Intune. More detailed steps are available below.
Step | Sample file names | BundleIdentifier |
---|---|---|
Download installation and onboarding packages | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp |
Approve System Extension for Microsoft Defender for Endpoint | MDATP_SysExt.xml | N/A |
Approve Kernel Extension for Microsoft Defender for Endpoint | MDATP_KExt.xml | N/A |
Grant full disk access to Microsoft Defender for Endpoint | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
Network Extension policy | MDATP_NetExt.xml | N/A |
Configure Microsoft AutoUpdate (MAU) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
Microsoft Defender for Endpoint configuration settings Note: If you are planning to run a third-party AV for macOS, set passiveMode to true . | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
Download installation and onboarding packages
Download the installation and onboarding packages from Microsoft Defender Security Center:
In Microsoft Defender Security Center, go to Settings > Device Management > Onboarding.
Set the operating system to macOS and the deployment method to Mobile Device Management / Microsoft Intune.
Select Download installation package. Save it as wdav.pkg to a local directory.
Select Download onboarding package. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
Download IntuneAppUtil from https://docs.microsoft.com/intune/lob-apps-macos.
From a command prompt, verify that you have the three files.
Extract the contents of the .zip files:
Make IntuneAppUtil an executable:
Create the wdav.pkg.intunemac package from wdav.pkg:
Client device setup
You do not need any special provisioning for a Mac device beyond a standard Company Portal installation.
Confirm device management.
Select Open System Preferences, locate Management Profile on the list, and select Approve... Your Management Profile would be displayed as Verified:
Select Continue and complete the enrollment.
You may now enroll more devices. Toast titanium pro mac. You can also enroll them later, after you have finished provisioning system configuration and application packages.
In Intune, open Manage > Devices > All devices. Here you can see your device among those listed:
Approve System Extensions
To approve the system extensions:
In Intune, open Manage > Device configuration. Select Manage > Profiles > Create Profile.
Choose a name for the profile. Change Platform=macOS to Profile type=Extensions. Select Create.
In the
Basics
tab, give a name to this new profile.In the
Configuration settings
tab, add the following entries in theAllowed system extensions
section:Bundle identifier Team identifier com.microsoft.wdav.epsext UBF8T346G9 com.microsoft.wdav.netext UBF8T346G9 In the
Assignments
tab, assign this profile to All Users & All devices.Review and create this configuration profile.
Create System Configuration profiles
In Intune, open Manage > Device configuration. Select Manage > Profiles > Create Profile.
Choose a name for the profile. Change Platform=macOS to Profile type=Custom. Select Configure.
Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections.
Select OK.
Select Manage > Assignments. In the Include tab, select Assign to All Users & All devices.
Repeat steps 1 through 5 for more profiles.
Create another profile, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
Download
fulldisk.mobileconfig
from our GitHub repository and save it astcc.xml
. Create another profile, give it any name and upload this file to it.Caution
macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download
netfilter.mobileconfig
from our GitHub repository, save it as netext.xml and deploy it using the same steps as in the previous sections.To allow Microsoft Defender for Endpoint for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download
notif.mobileconfig
from our GitHub repository and import it as a custom payload.Select Manage > Assignments. In the Include tab, select Assign to All Users & All devices.
Once the Intune changes are propagated to the enrolled devices, you can see them listed under Monitor > Device status:
Publish application
In Intune, open the Manage > Client apps blade. Select Apps > Add.
Select App type=Other/Line-of-business app.
Select file=wdav.pkg.intunemac. Select OK to upload.
Select Configure and add the required information.
Use macOS High Sierra 10.13 as the minimum OS.
Set Ignore app version to Yes. Other settings can be any arbitrary value.
Caution
Setting Ignore app version to No impacts the ability of the application to receive updates through Microsoft AutoUpdate. See Deploy updates for Microsoft Defender for Endpoint for Mac for additional information about how the product is updated.
If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See Deploy updates for Microsoft Defender for Endpoint for Mac for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with Ignore app version set to No, please change it to Yes. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy.
Select OK and Add.
It may take a few moments to upload the package. After it's done, select the package from the list and go to Assignments and Add group.
Change Assignment type to Required.
Select Included Groups. Select Make this app required for all devices=Yes. Select Select group to include and add a group that contains the users you want to target. Select OK and Save.
After some time the application will be published to all enrolled devices. You can see it listed in Monitor > Device, under Device install status:
Verify client device state
After the configuration profiles are deployed to your devices, open System Preferences > Profiles on your Mac device.
Verify that the following configuration profiles are present and installed. The Management Profile should be the Intune system profile. Wdav-config and wdav-kext are system configuration profiles that were added in Intune:
You should also see the Microsoft Defender icon in the top-right corner:
Troubleshooting
Issue: No license found
Solution: Follow the steps above to create a device profile using WindowsDefenderATPOnboarding.xml
Logging installation issues
For more information on how to find the automatically generated log that is created by the installer when an error occurs, see Logging installation issues.
Uninstallation
See Uninstalling for details on how to remove Microsoft Defender for Endpoint for Mac from client devices.
-->Important
The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.
Applies to:
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Important
On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on this page.
Important
Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
101.19.88 (20.121011.11988.0)
- Performance improvements & bug fixes
101.19.48 (20.120121.11948.0)
Note
The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see Resources.
- Added a new command-line switch to disable the network extension:
mdatp system-extension network-filter disable
. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac - Performance improvements & bug fixes
101.19.21 (20.120101.11921.0)
- Bug fixes
101.15.26 (20.120102.11526.0)
- Improved the reliability of the agent when running on macOS 11 Big Sur
- Added a new command-line switch (
--ignore-exclusions
) to ignore AV exclusions during custom scans (mdatp scan custom
) - Performance improvements & bug fixes
101.13.75 (20.120101.11375.0)
- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
- Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur)
- Bug fixes
101.10.72
- Bug fixes
101.09.61
- Added a new managed preference for disabling the option to send feedback
- Status menu icon now shows a healthy state when the product settings are managed. Previously, the status menu icon was displaying a warning or error state, even though the product settings were managed by the administrator
- Performance improvements & bug fixes
101.09.50
This product version has been validated on macOS Big Sur 11 beta 9
The new syntax for the
mdatp
command-line tool is now the default one. For more information on the new syntax, see Resources for Microsoft Defender for Endpoint for MacNote
The old command-line tool syntax will be removed from the product on January 1st, 2021.
Extended
mdatp diagnostic create
with a new parameter (--path [directory]
) that allows the diagnostic logs to be saved to a different directoryPerformance improvements & bug fixes
101.09.49
- User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user
- Improved CPU utilization during on-demand scans
- Performance improvements & bug fixes
101.07.23
Added new fields to the output of
mdatp --health
for checking the status of passive mode and the EDR group IDNote
mdatp --health
will be replaced withmdatp health
in a future product update.Recommended antivirus for mac. Fixed a bug where automatic sample submission was not marked as managed in the user interface
Added new settings for controlling the retention of items in the antivirus scan history. You can now specify the number of days to retain items in the scan history and specify the maximum number of items in the scan history
Bug fixes
101.06.63
- Addressed a performance regression introduced in version
101.05.17
. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics.
101.05.17
Important
We are working on a new and enhanced syntax for the mdatp
command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to famliliarize yourself with this new syntax.
We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
- Performance improvements & bug fixes
Microsoft Excel For Mac Catalina
101.05.16
- Improvements to quick scan logic to significantly reduce the number of scanned files
- Added autocompletion support for the command-line tool
- Bug fixes
101.03.12
- Performance improvements & bug fixes
101.01.54
Microsoft Office For Mac Catalina
- Improvements around compatibility with Time Machine
- Accessibility improvements
- Performance improvements & bug fixes
101.00.31
Microsoft 365 For Mac Catalina
- Improved product onboarding experience for Intune users
- Antivirus exclusions now support wildcards
- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select Scan with Microsoft Defender for Endpoint
- In-place product downgrades are now explicitly disallowed by the installer. If you need to downgrade, first uninstall the existing version and reconfigure your device
- Other performance improvements & bug fixes
100.90.27
- You can now set an update channel for Microsoft Defender for Endpoint for Mac that is different from the system-wide update channel
- New product icon
- Other user experience improvements
- Bug fixes
100.86.92
- Improvements around compatibility with Time Machine
- Addressed an issue where the product was sometimes not cleaning all files under
/Library/Application Support/Microsoft/Defender
during uninstallation - Reduced the CPU utilization of the product when Microsoft products are updated through Microsoft AutoUpdate
- Other performance improvements & bug fixes
100.86.91
Caution
To ensure the most complete protection for your macOS devices and in alignment with Apple stopping delivery of macOS native security updates to OS versions older than [current – 2], MDATP for Mac deployment and updates will no longer be supported on macOS Sierra [10.12]. MDATP for Mac updates and enhancements will be delivered to devices running versions Catalina [10.15], Mojave [10.14], and High Sierra [10.13].
If you already have MDATP for Mac deployed to your Sierra [10.12] devices, please upgrade to the latest macOS version to eliminate risks of losing protection.
- Performance improvements & bug fixes
100.83.73
- Addressed a performance regression introduced in version
101.05.17
. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics.
101.05.17
Important
We are working on a new and enhanced syntax for the mdatp
command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to famliliarize yourself with this new syntax.
We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
- Performance improvements & bug fixes
Microsoft Excel For Mac Catalina
101.05.16
- Improvements to quick scan logic to significantly reduce the number of scanned files
- Added autocompletion support for the command-line tool
- Bug fixes
101.03.12
- Performance improvements & bug fixes
101.01.54
Microsoft Office For Mac Catalina
- Improvements around compatibility with Time Machine
- Accessibility improvements
- Performance improvements & bug fixes
101.00.31
Microsoft 365 For Mac Catalina
- Improved product onboarding experience for Intune users
- Antivirus exclusions now support wildcards
- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select Scan with Microsoft Defender for Endpoint
- In-place product downgrades are now explicitly disallowed by the installer. If you need to downgrade, first uninstall the existing version and reconfigure your device
- Other performance improvements & bug fixes
100.90.27
- You can now set an update channel for Microsoft Defender for Endpoint for Mac that is different from the system-wide update channel
- New product icon
- Other user experience improvements
- Bug fixes
100.86.92
- Improvements around compatibility with Time Machine
- Addressed an issue where the product was sometimes not cleaning all files under
/Library/Application Support/Microsoft/Defender
during uninstallation - Reduced the CPU utilization of the product when Microsoft products are updated through Microsoft AutoUpdate
- Other performance improvements & bug fixes
100.86.91
Caution
To ensure the most complete protection for your macOS devices and in alignment with Apple stopping delivery of macOS native security updates to OS versions older than [current – 2], MDATP for Mac deployment and updates will no longer be supported on macOS Sierra [10.12]. MDATP for Mac updates and enhancements will be delivered to devices running versions Catalina [10.15], Mojave [10.14], and High Sierra [10.13].
If you already have MDATP for Mac deployed to your Sierra [10.12] devices, please upgrade to the latest macOS version to eliminate risks of losing protection.
- Performance improvements & bug fixes
100.83.73
- Added more controls for IT administrators around management of exclusions, management of threat type settings, and disallowed threat actions
- When Full Disk Access is not enabled on the device, a warning is now displayed in the status menu
- Performance improvements & bug fixes
100.82.60
- Addressed an issue where the product fails to start following a definition update.
100.80.42
- Bug fixes
100.79.42
- Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
- Added a new switch to the command-line utility for testing the connectivity with the backend service
- Added ability to view the full threat history in the user interface (can be accessed from the Protection history view)
- Performance improvements & bug fixes
100.72.15
- Bug fixes
100.70.99
- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender for Endpoint locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
Microsoft Word For Catalina
100.68.99
- Added the ability to configure the antivirus functionality to run in passive mode
- Performance improvements & bug fixes
100.65.28
Added support for macOS Catalina
Caution
macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
- For manual deployments, see the updated instructions in the Manual deployment topic.
- For managed deployments, see the updated instructions in the JAMF-based deployment and Microsoft Intune-based deployment topics.
Performance improvements & bug fixes