Mark a device non-compliant after 7 days of inactivity in the Microsoft Defender for Endpoint mobile app.
To be protected, customers must be confident that their end users’ devices are compliant with security policies. Today, end users are often able to bypass protections set by their organization. For example, users uninstall the Defender for Endpoint mobile app, disable its settings or permissions, force stop it, or clear its storage. Removing or disabling the Defender for Endpoint app can leave a mobile device more vulnerable to an attack.
We are excited to announce the general availability of tamper protection for mobile devices. This new feature helps ensure the retention of the Defender for Endpoint mobile app on users’ devices and helps protect devices persistently. This feature detects devices that are out of protection for over 7 days, due to tampering with the Defender for Endpoint mobile app. These devices are marked non-compliant in Microsoft Intune (part of Microsoft Endpoint Manager).
Organizations can also set up Conditional Access policies to enforce the activation and use of the Defender for Endpoint mobile app. With these Conditional Access policies in place, users can access corporate resources only if their devices are in a compliant state. Blocked users can regain access only after the Defender for Endpoint mobile app is set up with all required permissions and the app is actively sending signals to Defender for Endpoint.
For this initial release we have scoped the detection of devices out of protection for 7 days. In upcoming releases, we plan to make this duration configurable by your security admin or your tenant admin.
How to get and configure this feature
- If you have enabled Microsoft Defender for Endpoint (MDE) preview features in the MDE portal, you can preview this feature today! If not, we encourage you to turn on preview features for Microsoft Defender for Endpoint to preview this feature and get access to the newest capabilities.
- Set up a device compliance policy that requires Defender for Endpoint to be at or under the following machine risk score: Low. (The risk score can be set per your organization’s requirements.)
- Set up a Conditional Access policy to block access to corporate resources on devices that are non-compliant with your device compliance policy.
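The two policy steps above can also be scripted through Microsoft Graph instead of the Intune and Entra portals. The script below is an added example, not part of the original announcement or a Microsoft-provided script; the group ID is a placeholder, the Android Enterprise policy type and the `advancedThreatProtectionRequiredSecurityLevel` property are assumptions to verify against the current Graph reference for your platform, and the Conditional Access policy is created in report-only mode so it can be reviewed before it blocks anyone.

```powershell
# Added example: create the MDE "machine risk score: Low" compliance policy and a
# Conditional Access policy that requires a compliant device, via Microsoft Graph.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All",
                        "Policy.ReadWrite.ConditionalAccess"

# Placeholder: replace with the object ID of the pilot group you scope this to.
$pilotGroupId = "<PILOT-GROUP-OBJECT-ID>"

# Compliance policy for Android Enterprise fully managed devices (assumed type).
# advancedThreatProtectionRequiredSecurityLevel is the MDE risk-score setting
# (assumption: property name per Graph v1.0 reference; "low" = at or under Low).
# A scheduled block action is required, otherwise Graph rejects the policy.
$compliancePolicy = @{
    "@odata.type"                                = "#microsoft.graph.androidDeviceOwnerCompliancePolicy"
    displayName                                  = "MDE mobile - risk score Low"
    description                                  = "Non-compliant when MDE risk score is above Low or app stops reporting"
    advancedThreatProtectionRequiredSecurityLevel = "low"
    scheduledActionsForRule = @(@{
        ruleName = "PasswordRequired"
        scheduledActionConfigurations = @(@{
            actionType                = "block"
            gracePeriodHours          = 0
            notificationTemplateId    = ""
            notificationMessageCCList = @()
        })
    })
}
$created = New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $compliancePolicy
Write-Host "Created compliance policy $($created.Id)"

# Conditional Access: pilot group, all cloud apps, Android and iOS, grant only
# when the device is compliant. Report-only first; switch state to "enabled" to enforce.
$caPolicy = @{
    displayName = "Require compliant mobile device (MDE tamper protection)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeGroups = @($pilotGroupId) }
        applications = @{ includeApplications = @("All") }
        platforms    = @{ includePlatforms = @("android", "iOS") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("compliantDevice") }
}
$ca = New-MgIdentityConditionalAccessPolicy -BodyParameter $caPolicy
Write-Host "Created Conditional Access policy $($ca.Id) in report-only mode"
```

Assign the compliance policy to the same pilot group in Intune, then watch the Conditional Access report-only sign-in logs for a few days before enabling enforcement.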
Try tamper protection for mobile devices out and let us know how it goes! We’re excited to share these new updates with you and continue to build on security capabilities across platforms.
We look forward to hearing your feedback!
When evaluating various solutions, your peers value hearing from people like you who’ve used the product. Review Defender for Endpoint by filling out a Gartner Peer Insights survey and receive a $25 USD gift card (for customers only).