Today we are excited to announce new Microsoft Defender for Endpoint capabilities, now generally available for Android and iOS, that provide additional breach protection, reduce risk in your organization, simplify the end user experience, and offer secure access to on-prem resources.
First, customers will notice an updated look to the Microsoft Defender for Endpoint mobile app. The new experience helps end users better understand the capabilities the app provides and enables the user to be more aware of the security threats to their device. Microsoft’s mobile threat defense solution will continue to offer:
Protection against phishing coming from browsing, email, apps, and messaging platforms
Scans for malware and potentially unwanted apps (on Android)
Blocking of unsafe connections as well as access to sensitive data (on Android)
A unified security experience for SecOps in Microsoft 365 Defender
Figure 1: Microsoft Defender for Endpoint updated mobile app screens in light and dark mode.
Mobile application management support for non-Intune enrolled devices
We are pleased to announce the general availability of Microsoft Defender for Endpoint support for mobile application management (MAM) on Android and iOS. Prior to this update, Microsoft Defender for Endpoint worked on devices that were enrolled using Intune mobile device management (MDM) only.
With this update Microsoft Defender for Endpoint can protect an organization’s data within a managed application for those who aren’t using an MDM but are using Intune to manage mobile applications. It also extends support to customers who use other enterprise mobility management solutions such as AirWatch, MobileIron, MaaS360, and others, while still using Intune for mobile application management.
Microsoft Defender for Endpoint will continue to evaluate the device risk score based on threats identified on the device and will share that score with app protection policies. These policies provide an additional layer of breach protection by blocking access or selectively wiping a user’s corporate data.
For setup and configuration details read the blog post.
Jailbreak detection available for iOS
Jailbreaking an iOS device elevates the access granted to the user of the device to root. Once this happens, users can easily sideload potentially malicious applications and the iPhone won’t get critical, automatic iOS updates that may fix security vulnerabilities. These kinds of devices introduce additional risk and a higher probability of a breach to your organization. We are excited to share the general availability of the jailbreak detection capability in Microsoft Defender for Endpoint on iOS. This adds to the phishing protection that already exists.
Figure 2: Jailbreak alert in Microsoft 365 Defender
With this change, Microsoft Defender for Endpoint on iOS will detect both unmanaged and managed devices that are jailbroken. If a device is detected as jailbroken, an alert is surfaced to the security team in Microsoft 365 Defender. The device will then be considered a high-risk device, and this risk score is shared with your app protection or device compliance policies so that you can block it from accessing corporate resources.
For more details, please refer to the documentation here.
Simplified onboarding for iOS users
As a part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Until now, end users needed to provide VPN permissions to allow the iOS app to provide anti-phishing protection. With this update, admins will be able to set up the configuration and push the VPN profile to enrolled devices so that VPN-related permissions will not have to be provided by end users, thus simplifying their onboarding experience.
For more information, please refer to the documentation here.
Microsoft Tunnel VPN integration
Finally, we’re excited to share the general availability of Microsoft Tunnel VPN capabilities unified in the Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app – offering both mobile threat defense and the ability to access on-prem resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
Existing customers of Microsoft Defender for Endpoint who are also licensed for Microsoft Tunnel will see Tunnel capabilities in the Defender for Endpoint app on Android. Existing Tunnel customers will switch to using the Microsoft Defender for Endpoint app for VPN. They will not see any other changes to Tunnel features; Tunnel will simply now appear within the Defender for Endpoint app. IT administrators will be able to continue to use the Microsoft Endpoint Manager admin center to configure both Defender and Tunnel features. For additional details, read the blog announcing these changes.
We’re excited to share these new updates with you and continue to build on security capabilities across platforms. We look forward to hearing your feedback!
Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense in a single unified platform. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.