Forum Discussion
Microsoft Defender for Android Company Owned Work Profile
That's a shame. We tested DEFENDER with no issues internally and are now rolling out to a client and we are getting the same error despite the fact the devices should be the same as our testing ones. Go figure.
Daniel Simpson - Any update from your end at all?
Just a quick update on this:
I've tested this today with "corporate owned - work profile" mode (COPE).
Result: NOT Working, what a pitty. 😞
(In my scenario i've configured the always on VPN, too, but i wasn't able to connect. Therefore there were no connectivity in the work profile at all, so no internet. (Which means: I was unable to remove the AlwaysOn VPN Config via Intune, because the lack of internet connectivity)...Last chance: factory reset 😄
Because this COPE Mode is the most used one it would be so important to have DFE!
Daniel Simpson. Any Updates on this?
- Today I've tested a COPE Android device with Defender for Endpoint. It is working! 🙂
What i did (long story short)
1. Security.microsoft.com \ Settings \ Endpoints \ Advanced features: Intune Connection > ON
2. Intune \ Tenant Administration \ Connectos and Tokens \ Microsoft Defender for Endpoint: Android enabled
3. installed Defender App via "managed google play"
4. App Configuration Profile for Defender App
5. Device Configuration Profile for Always-on VPN BUT without "lockdown mode" enabled.(This breaks the whole internet in corporate profile and makes it necescary to wipe and re-enroll the device. :--D
6. Optional: Compliance and AppProtection
The only thing which isn't that nice is that the user needs to click through a few steps after first start of the Defender App. There seem to be a few preview settings in the app config. (e.g. "low touch onboarding", but they're not working yet. (as mentioned in this thread: https://www.reddit.com/r/DefenderATP/comments/17v5kh2/defender_on_android_work_profile_low_touch/)
