Enabling PUA as part of Defender for Endpoint and configuring Custom Attributes for macOS using Intune
For the last week or so I have been working on addressing a recommendation flagged in the Defender portal that required configuring Potentially Unwanted Applications (PUA) for macOS. As part of the recommendation, you can either put PUA in 'Audit' or 'Block' mode. I decided to configure it in 'Block' mode and in the process also felt it will be a good time to configure custom attribute for macOS to capture the status of this setting directly in Intune. While Intune's reporting capabilities are evolving ever so much, I feel there is still a lot of catching up to do when it comes to macOS as an operating system. For example, if you want to check the onboarding or AV status in general, you can easily run a report in Intune, but only for Windows. Sure, you can get status through various other methods like Defender Portal, or even by means of custom reports outside Intune, but this is not always desirable, especially for organizations that have heavily segmented