Error: "Action needed" in Microsoft Defender for Endpoint on Mac


Symptoms

You receive the following message in Microsoft Defender for Endpoint on your Mac:

Action needed

Screenshot of the a dropdown menu of the Microsoft Defender for endpoint app in the apple menu with the "Action needed" option

Cause

Apple requires that all new system extensions being installed from third-party developers in macOS be manually allowed.

Resolution

  1. Click Action needed.

    Microsoft Defender for Endpoint dropdown with "Action needed" highlighted

  2. In the bottom left-hand corner, click the lock icon.

    Inside the Apple Security and Privacy window, on the privacy tab, with the lock in the bottom-left corner highlighted

  3. Authenticate using Touch ID or the username and password of an administrator on your Mac.

    "System Preferences is trying to unlock Security and Privacy preferences." Touch ID or enter your password to allow this. with Use Password and cancel option available

    System Preferences is trying to unlock Security and Privacy preferences. with a Username field with Some Admin inside and a Password field. Unlock option below is highlighted

  4. In the left-hand pane, ensure that Full Disk Access is chosen. Then, check the boxes next to the following:

    • Microsoft Defender ATP.app
    • Microsoft Defender ATP Endpoint Security Extension

    Inside the Security and Privacy Window on the privacy tab, with Full Disk Access on left hand menu highlighted, and the options below the text "Allow the apps below to acces data like Mail, Messages, Safari, Home, Time Machine backups, and certain administrative settings for all users on this Mac" with options " Microsoft Defender ATP.app and Microsoft Defender ATP Endpoint Security Extension" selected and highlighted/

  5. Close System Preferences.

Outcome

Microsoft Defender for Endpoint will function as expected on your Mac.