Over the last two years, the world has dramatically changed both in our daily lives and how companies conduct business. In the pre-pandemic world, eroding network boundaries and the maturity of SaaS applications precipitated endpoint-first design. The pandemic and post-pandemic era demand it, the world is embracing hybrid workplaces and zero trust postures.
When we first launched Network Protection for Windows and built powerful Web Protection and Microsoft Defender for Cloud Apps (MDA) capabilities on top of it, we knew our vision to bring you our proxy-less endpoint first architecture would remain incomplete until we delivered for macOS and Linux. That day has arrived, and we could not be more excited to share that Network and Web Protection for macOS and Linux is now in Public Preview.
Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
How to evaluate Network Protection and the features it enables:
Explore Network Protection on macOS
Prerequisites & Requirements
Licensing: Microsoft Defender for Endpoint tenant (can be trial)
Minimum macOS version: 11 (Big Sur)
MDE product version: 101.78.13
Your device must be in the InsiderSlow or InsiderFast Microsoft AutoUpdate update channel. You can check the update channel using the following command:
mdatp health --field release_ring
If your device is not already in the InsiderSlow update channel, execute the following command from the Terminal. The channel update takes effect next time the product starts (when the next product update is installed or when the device is rebooted).
Note: Discovery and other features are currently not supported on macOS and Linux platforms.
On device experience
When an end user attempts to access monitored domains on macOS/Linux, their navigation effort will be audited/blocked (depending on Network Protection policy). On macOS, the user will also be informed by Microsoft Defender for Endpoint via toast.
The user will get a plain block experience accompanied by the following toast message which will be displayed by the operating system including the name of the blocked application or website (e.g Blogger.com)
No block pages are shown in third-party browsers, and the user sees a "Secure Connection Failed' page along with a toast notification. Depending on the policy responsible for the block, a user will see a different message in the toast notification. For example, web content filtering will display the message 'This content is blocked'.
We are looking forward to hearing your feedback and answering any questions you may have!
Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense in a single unified platform. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.