none
Defender ATP MacOS - Schedule scan config not working -2016341110 (0x87D1138A) RRS feed

  • Question

  • Hi,

    We are looking at deploying Defender ATP to all our Mac devices via Intune.  We have the install and general configuration of the app working as expected from the Intune Portal, however I now want to schedule weekly scans to run on them.

    I've used a microsoft docs reference page as a reference.  Can be found by searching for "mac-schedule-scan-atp".  (I just can't put links in my question as I'm not verified yet).


    I've tried adding a custom configuration profile (as per our other configuration settings) to intune calling it "com.microsoft.wdav.schedfullscan".  We've replaced all reference to 'quickscan' with 'fullscan' as that's what we'd like to run.

    Snippet of code:

    <plist version="1.0">
    <dict>
    <key>Label</key>
    <string>com.microsoft.wdav.schedfullscan</string>
    <key>ProgramArguments</key>
    <array>
    <string>sh</string>
    <string>-c<string>
    <string>/usr/local/bin/mdatp --scan --full<string>

    When we try to apply this config however we get an error in Intune:

    root\ccm\cimodels:CustomConfiguration.Key='com.microsoft.wdav.schedfullscan',Type=8

    ERROR CODE
    0x87d1138a
    ERROR DETAILS
    iOS device has rejected the command due to incorrect format


    Has anyone else come across this before?  Or can suggest what I could try to get this working?

    Thanks.

    Friday, July 24, 2020 2:19 AM