IBP – DfB – macOS – Antivirus

🎯 Purpose

✅ Enforce a consistent baseline antivirus posture for macOS devices, aligned to Essential Eight – Malware Protection (IBP / Maturity Level 1).

➡️ This policy ensures all macOS endpoints are protected by Microsoft Defender with strong, enterprise‑safe defaults.


👥 Who is affected

Devices: All macOS devices
🚫 Exclusions: None

➡️ Every managed macOS device receives the same antivirus baseline. No exceptions.


🛡️ What protection is enforced

✅ Microsoft Defender Antivirus enabled
✅ Real‑time malware detection
✅ Archive scanning (.zip, .pkg, .dmg)
✅ Automatic definition updates
✅ Post‑update scanning
✅ Potentially unwanted software detection
✅ Automatic sample submission

➡️ The common macOS malware delivery paths listed above (archives, installer packages and disk images) are covered by these settings.


🔐 How protection is enforced

✅ High enforcement level (no user override)
✅ Tamper Protection enabled
✅ Threat actions enforced automatically
✅ Consumer features disabled (enterprise mode)
✅ Limited scan threads to reduce system impact

➡️ Users cannot disable or weaken antivirus protection.

ℹ️ Note: Enforcement and tamper protection ensure Defender remains active even if a device is targeted by malware or misconfigured by a user.
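The two lists above describe a Defender preference payload. The script below is an added example (not code from this page or from Microsoft) that checks a macOS Defender preference payload against that baseline and reports which controls have drifted. The key names (antivirusEngine, cloudService, tamperProtection, features and their children) are assumed to follow Microsoft's published Defender for macOS preference schema and should be verified against the current schema; the payload, the drift scenario in `weaken()` and the `MAX_SCAN_THREADS` cap are constructed for the example.

```python
"""Baseline check for a Microsoft Defender for macOS preference payload.

Added example, not code from the page or from Microsoft. Key names are
assumed to follow Microsoft's published Defender for macOS preference
schema; verify them against the current schema before relying on this.
"""
import json
import plistlib
from typing import Any, Callable, NamedTuple

# Constructed payload expressing the baseline described on this page.
BASELINE_JSON = b"""
{
  "antivirusEngine": {
    "enforcementLevel": "real_time",
    "enableRealTimeProtection": true,
    "scanArchives": true,
    "scanAfterDefinitionUpdate": true,
    "maximumOnDemandScanThreads": 2,
    "threatTypeSettings": [
      {"key": "potentially_unwanted_application", "value": "block"}
    ]
  },
  "cloudService": {
    "enabled": true,
    "automaticDefinitionUpdateEnabled": true,
    "automaticSampleSubmissionConsent": "safe"
  },
  "tamperProtection": {"enforcementLevel": "block"},
  "features": {"consumerExperience": "disabled"}
}
"""

# The same payload in the XML plist form used in a configuration profile.
BASELINE_PLIST = plistlib.dumps(json.loads(BASELINE_JSON))

MAX_SCAN_THREADS = 2  # assumed cap for "limited scan threads"


class Finding(NamedTuple):
    control: str
    passed: bool
    observed: Any


def load_preferences(raw: bytes) -> dict:
    """Accept either the JSON form or the XML/binary plist form."""
    if raw.lstrip().startswith(b"{"):
        return json.loads(raw)
    return plistlib.loads(raw)


def _get(cfg: dict, *path: str) -> Any:
    """Walk nested keys; a missing key yields None instead of raising."""
    cur: Any = cfg
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def _pua_mode(cfg: dict) -> Any:
    """threatTypeSettings is a list of {key, value}; pull the PUA entry."""
    for entry in _get(cfg, "antivirusEngine", "threatTypeSettings") or []:
        if isinstance(entry, dict) and entry.get("key") == "potentially_unwanted_application":
            return entry.get("value")
    return None


def _is_capped_int(v: Any) -> bool:
    # bool is a subclass of int, so exclude it explicitly.
    return isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= MAX_SCAN_THREADS


# (control name, value extractor, predicate the observed value must satisfy)
CHECKS: list[tuple[str, Callable[[dict], Any], Callable[[Any], bool]]] = [
    ("Defender enforcement level", lambda c: _get(c, "antivirusEngine", "enforcementLevel"), lambda v: v == "real_time"),
    ("Real-time protection", lambda c: _get(c, "antivirusEngine", "enableRealTimeProtection"), lambda v: v is True),
    ("Archive scanning", lambda c: _get(c, "antivirusEngine", "scanArchives"), lambda v: v is True),
    ("Automatic definition updates", lambda c: _get(c, "cloudService", "automaticDefinitionUpdateEnabled"), lambda v: v is True),
    ("Post-update scan", lambda c: _get(c, "antivirusEngine", "scanAfterDefinitionUpdate"), lambda v: v is True),
    ("PUA detection", _pua_mode, lambda v: v == "block"),
    ("Automatic sample submission", lambda c: _get(c, "cloudService", "automaticSampleSubmissionConsent"), lambda v: v in ("safe", "all")),
    ("Tamper protection", lambda c: _get(c, "tamperProtection", "enforcementLevel"), lambda v: v == "block"),
    ("Consumer features disabled", lambda c: _get(c, "features", "consumerExperience"), lambda v: v == "disabled"),
    ("Scan thread limit", lambda c: _get(c, "antivirusEngine", "maximumOnDemandScanThreads"), _is_capped_int),
]


def check_baseline(cfg: dict) -> list[Finding]:
    """Evaluate every control; a missing key counts as a failure."""
    findings = []
    for name, extract, predicate in CHECKS:
        observed = extract(cfg)
        findings.append(Finding(name, bool(predicate(observed)), observed))
    return findings


def failed_controls(cfg: dict) -> list[str]:
    return [f.control for f in check_baseline(cfg) if not f.passed]


def weaken(cfg: dict) -> dict:
    """Constructed drift scenario: two settings have been switched off."""
    drifted = json.loads(json.dumps(cfg))  # deep copy
    drifted["antivirusEngine"]["enableRealTimeProtection"] = False
    drifted["tamperProtection"]["enforcementLevel"] = "audit"
    return drifted


if __name__ == "__main__":
    baseline = load_preferences(BASELINE_JSON)
    for finding in check_baseline(weaken(baseline)):
        print("PASS" if finding.passed else "FAIL", finding.control, finding.observed)
```

Run against an exported payload, the check lists exactly which of the page's controls are missing or weakened; a key that is absent from the payload is treated as a failure rather than as the product default, which keeps the report honest when a profile was only partially applied.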


⚙️ What this policy does NOT enforce

🚫 Firewall rules
🚫 Attack Surface Reduction (ASR)
🚫 Conditional Access decisions
🚫 Device compliance evaluation

➡️ These controls are managed through separate IBP security policies.


🟢 Policy status

✅ Enabled
✅ Assigned to all macOS devices
✅ Actively enforcing antivirus protection


📘 Essential Eight Alignment

✅ Meets Essential Eight – Malware Protection (Maturity Level 1)
✅ Antivirus enabled and enforced
✅ Automatic updates and remediation enabled
ℹ️ Advanced investigation and higher telemetry levels are addressed at Maturity Levels 2 and 3


📘 Practical Interpretation (Executive‑Friendly)

This antivirus policy ensures that:

✅ Every macOS device
✅ Uses Microsoft Defender Antivirus
✅ With enforced protection and automatic updates
✅ And no ability for users to disable security controls

This establishes a stable, low‑noise, enterprise‑grade antivirus baseline suitable for Initial Baseline Protection and provides a clear foundation for future uplift to higher Essential Eight maturity levels.