Got Mac OSX? Are they enrolled into Intune? If so, then deploying Microsoft Defender ATP (MDATP) to these devices is done in 7 easy clicks.
Start off by browsing to Microsoft Endpoint Manager at https://endpoint.microsoft.com
Yes, that was easy, however, the fine print is you first must deploy a kernel extension profile *BEFORE* the 7 steps above, otherwise the user will see “System extension blocked.”
If for some reason you missed that step, users must approve the extension manually by going to Security Preferences > Security & Privacy on the Mac and select Allow.
Other helpful scripts and tips are available on the Microsoft blog (here).