Mobile threat defense capabilities in Microsoft Defender for Business
Microsoft Defender for Business provides advanced threat protection capabilities for devices, such as Windows and Mac clients. Defender for Business capabilities now include mobile threat defense! Mobile threat defense capabilities help protect Android and iOS devices, without requiring you to use Microsoft Intune to onboard mobile devices.
In addition, mobile threat defense capabilities integrate with Microsoft 365 Lighthouse, where Cloud Solution Providers (CSPs) can view information about vulnerable devices and help mitigate detected threats.
What's included in mobile threat defense?
The following table summarizes the capabilities that are included in mobile threat defense in Defender for Business:
| Capability | Android | iOS |
|---|---|---|
| Web Protection Anti-phishing, blocking unsafe network connections, and support for custom indicators. Web protection is turned on by default with web content filtering. |
|
|
| Malware protection (Android-only) Scanning for malicious apps. |
|
No |
| Jailbreak detection (iOS-only) Detection of jailbroken devices. |
No |
|
| Microsoft Defender Vulnerability Management Vulnerability assessment of onboarded mobile devices. Includes vulnerability assessments for operating systems and apps for Android and iOS. See Use your vulnerability management dashboard in Microsoft Defender for Business. |
|
See note 1 (below) |
| Network Protection Protection against rogue Wi-Fi related threats and rogue certificates. Network protection is turned on by default with next-generation protection. As part of mobile threat defense, network protection also includes the ability to allow root certification authority and private root certification authority certificates in Intune. It also establishes trust with endpoints. |
See note 2 (below) | See note 2 (below) |
| Unified alerting Alerts from all platforms are listed in the unified Microsoft Defender portal (https://security.microsoft.com). In the navigation pane, choose Incidents). See View and manage incidents in Microsoft Defender for Business |
|
|
| Conditional Access and conditional launch Conditional Access and conditional launch block risky devices from accessing corporate resources. - Conditional Access policies require certain criteria to be met before a user can access company data on their mobile device. - Conditional launch policies enable your security team to block access or wipe devices that don't meet certain criteria. Defender for Business risk signals can also be added to app protection policies. |
Requires Intune (see note 3 below) |
Requires Intune (see note 3 below) |
| Privacy controls Configure privacy in threat reports by controlling the data sent by Defender for Business. Privacy controls are available for admin and end users, and for both enrolled and unenrolled devices. |
Requires Intune (see note 3 below) | Requires Intune (see note 3 below) |
| Integration with Microsoft Tunnel Integration with Microsoft Tunnel, a VPN gateway solution for Intune. |
Requires Intune VPN Tunnel (see note 4 below) |
Requires Intune VPN Tunnel (see note 4 below) |
Note
Intune is required for software/app vulnerabilities to be reported. Operating system vulnerabilities are included by default.
Intune is required to configure or manage an allow list of root certification authority and private root certification authority certificates.
Intune is included in Microsoft 365 Business Premium. Intune can be added on to Defender for Business.
How to get mobile threat defense capabilities
Mobile threat defense capabilities are now generally available to Defender for Business customers. Here's how to get these capabilities for your organization:
Make sure that Defender for Business has finished provisioning. In the Microsoft Defender portal, go to Assets > Devices.
- If you see a message that says, "Hang on! We're preparing new spaces for your data and connecting them," it means that Defender for Business hasn't finished provisioning. This process is happening now, and can take up to 24 hours to complete.
- If you see a list of devices, or you're prompted to onboard devices, it means Defender for Business provisioning has completed.
Review, and if necessary, edit your next-generation protection policies.
Review, and if necessary, edit your firewall policies and custom rules.
Review, and if necessary, edit your web content filtering policy.
To onboard mobile devices, see the "Use the Microsoft Defender app" procedures in Onboard devices to Microsoft Defender for Business.
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for