Update: 12/15/2022 - Vulnerability assessment of apps on iOS devices is now generally available. To configure the feature, read the documentation.
Today, we are excited to announce the general availability of threat and vulnerability management support for Android and iOS in Microsoft Defender for Endpoint Plan 2. With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization - spanning workstations, servers, and mobile devices.
Threat and vulnerability management in Microsoft Defender for Endpoint continuously monitors and identifies impacted devices, assesses associated risks in the environment, and provides intelligent prioritization and integrated workflows to seamlessly remediate vulnerabilities. Microsoft iterates on these features based on the latest information from the threat landscape.
Vulnerability management support for Android and iOS is part of Microsoft Defender for Endpoint’s mobile threat defense solution, which enables customers to maintain a seamless and consistent experience across their device platforms.
Organizations now have access to the below vulnerability assessment capabilities:
Android:
- Vulnerability assessment of Android OS versions of onboarded Android devices.
- Vulnerability assessment of apps that are installed on onboarded Android devices.
- Note about privacy related to apps from personal devices (BYOD):
- For Android Enterprise with a work profile, apps installed only on the work profile will be supported.
- For other BYOD modes, by default vulnerability assessment of apps will not be available. However, in device administrator mode, admins can explicitly enable this feature through Microsoft Endpoint Manager to get the list of apps installed on the device. Visit our documentation to learn more.
iOS:
- Vulnerability assessment of iOS versions on onboarded iOS/iPadOS devices.
- Vulnerability assessment of apps installed on iOS devices.
- Note that Defender for Endpoint on iOS supports vulnerability assessments of apps only for enrolled (MDM) devices.
- To enable this feature, admins can follow these steps ,
- In Microsoft Endpoint Manager admin center, go to Endpoint Security > Microsoft Defender for Endpoint > Enable App sync for iOS/iPadOS devices.
- Additional steps needed for unsupervised devices,
- To get the list of all the Apps, admin needs to Enable the toggle for “Send full application inventory data” in Microsoft Endpoint Manager admin center
- Admin needs to disable privacy and collect the list of apps installed. By default, privacy is enabled.
- End Users will have to accept the privacy approval screen on their devices.
- To configure the feature, read the documentation.
Get started onboarding mobile devices to Microsoft Defender for Endpoint here.
Figure 1 Device Inventory - admins can check exposure level of onboarded mobile devices
Figure 2 Vulnerability management dashboard - access insights across devices