Privacy information - Microsoft Defender for Endpoint on iOS

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.


Defender for Endpoint on iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity.

Defender for Endpoint on iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint on iOS secure, up to date, performing as expected, and to support the service.

For more information about data storage, see Microsoft Defender for Endpoint data storage and privacy.

For more information on most common privacy questions about Microsoft Defender for Endpoint on Android and iOS mobile devices, see Microsoft Defender for Endpoint and your privacy on Android and iOS mobile devices.

Required data

Required data consists of data that is necessary to make Defender for Endpoint on iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps.

Here is a list of the types of data being collected:

Web page or Network information

  • Domain name and IP address of the website only when a malicious connection or web page is detected. Information is collected only when Privacy setting is disabled or turned off.

Device and account information

  • Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following:
    • Wi-Fi adapter MAC address
    • Randomly generated globally unique identifier (GUID)
  • Tenant, Device, and User information
    • Microsoft Entra Device ID and Azure User ID - Uniquely identifies the device, User respectively at Microsoft Entra ID.
    • Azure tenant ID - GUID that identifies your organization within Microsoft Entra ID.
    • Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify if there are issues affecting a select set of enterprises and the number of enterprises impacted.
    • User Principal Name - Email ID of the user.

Product and service usage data

The following information is collected only for Microsoft Defender for Endpoint app installed on the device.

  • App package info, including name, version, and app upgrade status.
  • Actions done in the app.
  • Crash report logs generated by iOS.
  • Memory usage data.

Optional Data

Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself.

Optional diagnostic data includes:

  • App, CPU, and network usage for Defender for Endpoint.
  • Features configured by the admin for Defender for Endpoint.

Feedback Data is collected through in-app feedback provided by the user.

  • The user's email address, if they choose to provide it.
  • Feedback type (smile, frown, idea) and any feedback comments submitted by the user.

For more information, see More on Privacy.


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.