Microsoft Defender for Endpoint - Mobile Threat Defense

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

Microsoft Defender for Endpoint on Android and iOS is our mobile threat defense solution (MTD). Typically, companies are proactive in protecting PCs from vulnerabilities and attack while mobile devices often go unmonitored and unprotected. Where mobile platforms have built-in protection such as app isolation and vetted consumer app stores, these platforms remain vulnerable to web-based or other sophisticated attacks. As more employees use devices for work and to access sensitive information, it is imperative that companies deploy an MTD solution to protect devices and your resources from increasingly sophisticated attacks on mobiles.

Key capabilities

Microsoft Defender for Endpoint on Android and iOS provides the below key capabilities, For information about the latest features and benefits, read our announcements.

Capability Description
Web Protection Anti-phishing, blocking unsafe network connections, and support for custom indicators.
Malware Protection (Android-only) Scanning for malicious apps.
Jailbreak Detection (iOS-only) Detection of jailbroken devices.
Microsoft Defender Vulnerability Management (MDVM) Vulnerability assessment of onboarded mobile devices. Includes OS and Apps vulnerabilites assessment for both Android and iOS. Visit this page to learn more about Microsoft Defender Vulnerability Management in Microsoft Defender for Endpoint.
Network Protection Protection against rogue Wi-Fi related threats and rogue certificates; ability to allow list the root CA and private root CA certificates in Intune; establish trust with endpoints.
Unified alerting Alerts from all platforms in the unified M365 security console.
Conditional Access, Conditional launch Blocking risky devices from accessing corporate resources. Defender for Endpoint risk signals can also be added to app protection policies (MAM).
Privacy Controls Configure privacy in the threat reports by controlling the data sent by Microsoft Defender for Endpoint. Privacy controls are available for admin and end users. It's there for enrolled and unenrolled devices as well.
Integration with Microsoft Tunnel Integration with Microsoft Tunnel, a VPN gateway solution to enable security and connectivity in a single app. Available on both Android and iOS.

All these capabilities are available for Microsoft Defender for Endpoint license holders. For more information, see Licensing requirements.

Overview and Deploy

Deployment of Microsoft Defender for Endpoint on mobile can be done via Microsoft Endpoint Manager (MEM). Watch this video for a quick overview of MTD capabilities and deployment:


Deploy

The following table summarizes how to deploy Microsoft Defender for Endpoint on Android and iOS. For detailed documentation, see

Android

Enrollment type Details
Android Enterprise with Intune Deploy on Android Enterprise enrolled devices
Device Administrator with Intune Deploy on Device Administrator enrolled devices
Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM) Configure Defender risk signals in app protection policy (MAM)

iOS

Enrollment type Details
Supervised devices with Intune 1. Deploy as iOS store app
2. Setup Web Protection without VPN for supervised iOS devices
Unsupervised (BYOD) devices enrolled with Intune Deploy as iOS store app
Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM) Configure Defender risk signals in app protection policy (MAM)

End-user onboarding

Simplify Onboarding

Pilot evaluation

While evaluating mobile threat defense with Microsoft Defender for Endpoint, you can verify that certain criteria is met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria and ensure that they are satisfied before deploying widely.

This helps reduce potential issues that could arise while rolling out the service. Here are some tests and exit criteria that might help:

  • Devices show up in the device inventory list: After successful onboarding of Defender for Endpoint on the mobile device, verify that the device is listed in the Device Inventory in the security console.

  • Run a malware detection test on an Android device: Install any test virus app from the Google play store and verify that it gets detected by Microsoft Defender for Endpoint. Here is an example app that can be used for this test: Test virus. Note that on Android Enterprise with a work profile, only the work profile is supported.

  • Run a phishing test: Browse to https://smartscreentestratings2.net and verify that it gets blocked by Microsoft Defender for Endpoint. Note that on Android Enterprise with a work profile, only the work profile is supported.

  • Alerts appear in dashboard: Verify that alerts for above detection tests appear on the security console.

Configure

Resources