Updated 6/8/2022 – Removed preview as Microsoft Defender with App protection policies for iOS and Android is now generally available! We’ve also added Jailbreak detection in Microsoft Defender for Endpoint on iOS and VPN Auto onboarding in Microsoft Defender for Endpoint on iOS!
With the 2102 release of Microsoft Endpoint Manager, you can now configure the ability to send threat signals from Microsoft Defender for Endpoint to be used in your App Protection Policies (APP, also known as MAM) on Android and iOS/iPadOS.
Microsoft Defender for Endpoint on iOS and Android enables the App Protection Policy scenario and is now available in the Apple App Store and Google Play Store respectively.
End users should install the latest version of the app directly from the Google Play Store or Apple App Store.
Types of threat detection available through MDE and how to turn it on:
Once this policy is targeted to a specific user, the end user will be required to:
Once activation is complete, Microsoft Defender for Endpoint scans the device to determine a risk score. If the risk score meets the requirement set by the admin (Low, Medium, High, or Secured), the end user passes the conditions and gets access to their protected apps.
The check for whether the device passes the configured conditions happens during App Protection Policy service check-in, or when the end user hits ‘Recheck’ after remediating their device.
Create and deploy app protection policies
Microsoft Defender for Endpoint on iOS
Microsoft Defender for Endpoint on Android
We are also excited to share the general availability of the Jailbreak Detection capability in Microsoft Defender for Endpoint on iOS. This is a new addition to the list of threat detections provided by MDE listed above.
With this change, Microsoft Defender for Endpoint on iOS adds the benefit of detecting jailbroken devices, both unmanaged and managed. Microsoft Defender for Endpoint will also send a high-risk signal from devices that are detected as jailbroken, which can feed into your App Protection Policy or Device Compliance Policy.
For more details, please refer to the documentation here.
As part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Until now, end users needed to provide VPN permissions to allow the iOS app to provide anti-phishing protection. With this update, admins will be able to set up the configuration and push the VPN profile to enrolled devices, so that end users no longer have to provide VPN-related permissions, thus simplifying their onboarding experience.
For more details, please refer to the documentation here.
Let us know if you have any additional questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.
Blog updates:
6/8/21: Removed preview as Microsoft Defender with App protection policies for iOS and Android is now generally available! We’ve also added Jailbreak detection in Microsoft Defender for Endpoint on iOS and VPN Auto onboarding in Microsoft Defender for Endpoint on iOS!