bjork6
Copper Contributor
Aug 24, 2021

problems with MS Defender for Endpoint on iOS device

Hi. We recently deployed MS Defender for Endpoint on all our iOS devices through Intune. However, since then, people are complaining their internet browsing experience is not good. It's slow, some sites take forever to load (when they do), etc. When we manually disable the Defender VPN connection, it's working again. How can we fix this issue? Thanks.

  • bjork6 Can you please send in-app feedback regarding this issue? To send the feedback, you can click on the Profile picture at the top left -> Send Feedback -> I don't like something. Please enable the "diagnostics data" switch on this page. It will allow us to investigate this issue further.

     

    Thanks,

    Akash

  • MarkTheITGuy
    Copper Contributor
    We've been experiencing the same thing. Since MS Defender was deployed to iOS devices via Intune, the device's connection becomes almost unusable.

    As soon as the app is removed, the connection returns to normal and device is usable again.

    Hopefully a fix can be found soon.
    • rickside
      Copper Contributor

      MarkTheITGuy The problem is not with Defender on iOS per se but instead with the ATP module (web content filtering). Microsoft provides a script for that. It can be downloaded here. The problem is, once a policy that contains that script is created in Intune and is applied to iOS devices, traffic becomes very slow and some sites don't even load (bank sites, news sites, etc.). If you leave ATP enabled but remove the policy to filter the traffic, it will work fine. However, the outbound traffic will not be inspected anymore.

      • MarkTheITGuy
        Copper Contributor
        Thanks for the reply, rickside. What you're saying makes sense. The downside is that if we remove the policy and leave the outbound traffic uninspected, would that then mean that malicious links clicked from emails, which redirect to a malicious site, would be allowed to load as normal?

        We've had a few incidents recently where unaware users clicked links in email, and also a couple from website popups, that were blocked by ATP, so the user was protected.

        Just thinking, if we turn it off, would these users (and there will be more) fall prey to these links?

        Thanks again, mate.
    • akash_singh_
      Microsoft

      Hi, MarkTheITGuy,

      Apologies for the inconvenience. This is not expected behaviour, and we would like to investigate this issue further. It will be helpful if you can send us in-app feedback using the steps outlined here, with Diagnostics Data enabled, to allow us to identify the issue better: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365-worldwide#send-in-app-feedback

      Please do mention the issues you are facing in the feedback, such as network latencies, or whether any particular set of apps is being affected by Defender.

       

      Thanks,

      Akash

      Microsoft Defender for Endpoint team

      • MarkTheITGuy
        Copper Contributor
        Thanks, Akash.
        I've sent a couple of feedback requests. I needed to reinstall the app and sent another feedback request.

        As mentioned in the tickets, when the app is installed and enabled, we get many connection timeouts on a host of different sites using different browsers.

        I would say on average, 8/10 URLs visited throw a connection error and time out.

        Thanks again for your reply.
