
Microsoft Defender for Endpoint Blog

Mobile Network Protection for Defender for Endpoint on Android and iOS now Generally Available

Aparna_Harikumar
Jun 28, 2022

Update - 11/10/2022 - Mobile Network Protection for Defender for Endpoint on Android and iOS is now generally available.

 

The way organizations conduct business has changed dramatically over the past few years, with employees working from home or following a hybrid work model. This shift has made users more reliant on network connections for both personal and work commitments. This increased need for connecting to digital networks, while often convenient, has made users more prone to security risks.  Noting this trend, organizations are realizing the critical role that securing the network plays in managing the day-to-day operations and resilience of their business, especially when it comes to keeping their employees and data safe. 

 

As the world continues to make sense of the digital transformation, networks are becoming increasingly complex and provide a unique avenue for nefarious activity if left unattended. To combat this, Microsoft offers a mobile network protection feature in Defender for Endpoint that helps organizations identify, assess, and remediate endpoint weaknesses with the help of threat intelligence. 

We are delighted to announce that users can now benefit from this new feature on both Android and iOS platforms with Microsoft Defender for Endpoint.

This feature will provide users:

 

  • Protection against rogue Wi-Fi-related threats and rogue hardware like pineapple devices
  • Protection against malicious certificates that are installed or downloaded on Android
  • Notifications when a Wi-Fi-related threat is detected
  • An in-app guided experience to connect to secure networks
  • Remediation options to change networks when a network is determined to be suspicious
  • A medium-priority alert when a suspicious network is detected, and an informational alert when an open network is detected 

 

How to configure mobile network protection


This feature provides flexibility for admins by offering the following controls:


Enable and disable the following:

  • The Network Protection feature 
  • Trust flow for allow-listing certificates on Android 
  • The open network detection and open network alerts 
  • The trust flow to trust access points for end users 
  • The trust flow to trust certificates (only on Android) for end users 
  • Privacy controls for end users

 

How to test out the mobile network protection

 

iOS

  • Upon successful login, users need to grant the existing onboarding permissions, such as the notification permission, so that Defender for Endpoint can notify them when a threat is found.
  • Once permission is accepted, the user will see a page asking for permission to collect diagnostic data for future product improvements. If the user opts out, no data will be sent.
  • Upon successful onboarding, users will see a new card and a tab labeled “Network Protection”. If Wi-Fi is off, in-app messaging will guide users to turn on Wi-Fi from within the app. Once Wi-Fi has been enabled, the Wi-Fi networks are scanned for threats and the scan results determine the device's state.

 

Android

  • Users need to enable location permissions; this enables Defender for Endpoint to scan their networks and alert them when there are Wi-Fi-related threats. If the user denies the location permissions, Defender for Endpoint will only be able to provide limited protection against network threats and will only protect users from rogue certificates.
  • Once permission is accepted, the user will see a page asking for permission to collect diagnostic data for future product improvements. If the user opts out, no data will be sent.
  • Once the app is installed on the device, users will see a new card and a tab labeled “Network Protection”. Tapping on the feature card will take users to a page where they can initiate a scan for all available networks and certificates.
  • If Wi-Fi is off, in-app messaging will guide users to turn on Wi-Fi from within the app. Once Wi-Fi has been enabled, the Wi-Fi networks are scanned for threats and the scan results determine the device's state.

 

Keep in mind

  • Microsoft strongly recommends enabling location permissions on Android devices. This setting can help protect against network-related threats.
  • Microsoft does not collect location information from users.

 

We want to hear your feedback! Tell us about your experience using Microsoft Defender for Endpoint’s latest Mobile Network Protection feature on your iOS and Android devices. If you have not started protecting your network connections, try it today, and let us know what you think. 

 

Updated Nov 10, 2022
Version 2.0
    Hussiencorp
    Copper Contributor

    Thanks great article 👍

    As I am not familiar with defender there is something I don't get here.

    You mentioned that users should connect wifi from within the app.

    What app exactly are we talking about here 😄?

     

     

    DerkVanDerWoude
    Copper Contributor

    Since I've enabled the feature I have a lot of connectivity problems (Twitter, Skype, etc.) when connecting over WiFi (5G works), when I remove Defender for iOS everything works again...

    madhu_eit
    Copper Contributor

    I have configured this policy to enable Network Protection on my Android Phone but I still do not see the new Network Protection Card within the app. I only see App Security and Web Protection. Is this because this has not been rolled out to our tenancy yet?

     

     

    rahuljindal-MVP
    Bronze Contributor

    Is there a similar offering for Windows 10\11 devices? I am particularly interested in protection against Man in the middle attacks and rogue wifi connections.