University of Southampton


Using the Microsoft Defender for Endpoint Installer for macOS (from Software Download Site)

Before you start

This article is designed to be accessed in tandem with the Microsoft Defender for Endpoint installer for macOS which is available on the Software Download website.  Due to the way that Apple implement some of their security features, there is a small amount of necessary user interaction during the installation of the software, which is detailed below.

  • The Microsoft Defender for Endpoint installer has been packaged by iSolutions to simplify Microsoft's installation process for unmanaged machines.
  • It will also test for the existence of Symantec Endpoint Protection (the University's previous antivirus software offering) and automatically remove it.
  • Microsoft Defender for Endpoint will only install on macOS 10.13 (High Sierra) and above (including 11.0 Big Sur). Please do not use the package if your macOS device is using an older operating system
  • The package requires your macOS device to be connected to the internet during the installation (to be able to licence and update Defender). Once installed, you may disconnect from the internet if required.  It may also download a reasonable amount of data during the upgrade, so it's recommended not to run the package when tethered to a mobile phone (unless you have an unlimited data package)

Installing on macOS High Sierra, Mojave, Catalina or Big Sur (10.13-10.15 plus 11.0)

Download the installer from the software download website

If you double click on the package to run it, you may get a prompt that it "...cannot be opened because it is from an unidentified developer"  

Instead right-click on the package (or hold the"control" key down on your keyboard and then left-click) then choose "Open". You will then be given the option to "Open" the package.

The first two screens you'll see are the standard "Introduction" screen, and the "Important Information" screen (which is a summary of the most important information covered below):


The installer will then display the name of the disk that is is going to attempt to install on, and will ask for elevated permissions:

It will remind you that a reboot is required and double check that you're in a position to continue:

Microsoft's installer may then ask for permission to access your "Downloads" folder (macOS 10.15+).  This isn't actually required, so answer "Don't Allow" or "OK" as you wish: 

The installer will then move on to the "Running Package Scripts" section.  This is where most of the installation actually takes place and can take 5 minutes or more (depending on hardware and internet speed). Please be patient! 

The installation will pause while it waits for you to approve Microsoft Defender's System Extension (this is an Apple Security feature that, quite correctly, cannot be automated)

macOS 10.13 - 10.15

Please note: The system extensions installed by this package are always the newest versions and are compatible with macOS Big Sur 

macOS 11.0+

Unlock the Security Preferences by clicking the padlock and typing in your password (macOS 10.15 and above only):

Then click the "Allow" button.  The prompt will clear from the Security and Privacy Settings once it has been approved: 

macOS 10.13 - 10.15

macOS 11.0+

Please note: Defender for macOS 11.0 and above will give an additional prompt to "allow network content filtering" after the system extensions have been approved. Please also "Allow" this feature

The installation will then resume (this isn't immediately obvious!). On macOS 10.15 and above you may eventually see a brief "Verifying Microsoft Defender" pop up, followed by a notification asking you to allow notifications from Microsoft Defender (you may allow or disallow this as you prefer. We recommend allowing it so that you get obvious notifications of any malware it discovers or update actions it requires):

macOS 10.13 - 10.15

macOS 11.0+

You may also see a notification from Microsoft AutoUpdate asking you to confirm that you've read Microsoft's Privacy notice. This is part of the Defender definition update process:

Once Defender is fully up-to-date, the installation process needs to be completed by rebooting your system:

Allowing Microsoft Defender Full Disk Access (macOS version 10.15 and above)

Apple introduced additional security measures on macOS Catalina onward which require you to manually grant Microsoft Defender "Full Disk" access (i.e. the ability to read and modify files on your hard disk, without which it cannot scan for and remediate malware).

Right-clicking the Microsoft Defender icon will show an "Action recommended" option. Clicking that will open Microsoft Defender...

...which, in turn, will show you what action needs to be taken. Clicking "Fix" will open Security Preferences for you:

Unlock the Security Preferences by clicking the padlock and typing in your password. Then, under the "Full Disk Access" section, tick the checkbox(s) next to "Microsoft Defender ATP":

macOS 10.13 - 10.15


macOS 11.0+


Basic configuration of Microsoft Defender is now complete.  Please see this knowledgebase article for more detailed information on how to use the product as well as how to set your own preferences up

Further Reading

Configuring and Using Microsoft Defender for Endpoint for macOS

Attached files:

Was this article helpful?

If you have any further comments, please put them below.

Please note that feedback is anonymous - if you require a reply or assistance, please raise a ticket via ServiceLine.

Thank you for your feedback, it is much appreciated.

Tweet This Article

Back to List

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.