Aug 24 2021 11:09 AM
Hi. We recently deployed MS Defender for Endpoint on all our iOS devices through Intune. However, since then, people are complaining their internet browsing experience is not good. It's slow, some sites take forever to load (when they do), etc. When we manually disable the Defender VPN connection, it's working again. How can we fix this issue? Thanks.
Sep 01 2021 11:33 AM
@bjork6 Can you please send in-app feedback regarding this issue? To send the feedback, you can click on the profile picture at the top left -> Send Feedback -> I don't like something. Please enable the "diagnostics data" switch on this page. It will allow us to investigate this issue further.
Oct 26 2021 12:53 PM
Oct 26 2021 01:02 PM
Hi @MarkTheITGuy,
Apologies for the inconvenience. This is not expected behaviour, and we would like to investigate this issue further. It will be helpful if you can send us in-app feedback using the steps outlined here, along with Diagnostics Data enabled, to allow us to identify the issue better: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/ios-troubleshoot?view=o365...
Please do mention the issues you are facing in the feedback such as network latencies, or if any particular set of apps is being affected by Defender.
Microsoft Defender for Endpoint team
Oct 26 2021 01:09 PM
Oct 26 2021 01:11 PM
Thanks @MarkTheITGuy. We will investigate the issue and reach out to you with our findings and remediations on our feedback channel.
Oct 26 2021 01:13 PM
@MarkTheITGuy The problem is not with Defender on iOS per se but instead with the ATP module (web content filtering). Microsoft provides a script for that. It can be downloaded here. The problem is, once a policy that contains that script is created in Intune and is applied to iOS devices, traffic becomes very slow and some sites don't even load (bank sites, news sites, etc.). If you leave ATP enabled but remove the policy to filter the traffic, it will work fine. However, the outbound traffic will not be inspected anymore.
Oct 26 2021 01:24 PM
Oct 26 2021 01:56 PM
Oct 26 2021 09:28 PM
@rickside @MarkTheITGuy, currently there is a known issue with the content profile (the script that you deploy from Intune) which is causing internet connectivity problems. We are looking into this issue. Meanwhile, you can un-deploy this profile to help resolve the internet connectivity problems. Please find more details here.
Also, even without the profile, Defender for Endpoint will still protect you from phishing in real-time leveraging the VPN capabilities. Hope this helps. Please revert back for further questions.
Oct 27 2021 03:04 AM
Oct 27 2021 03:12 AM - edited Oct 27 2021 03:12 AM
@sunayansingh Awesome. Thank You.
Feb 24 2022 08:17 PM - edited Feb 24 2022 08:18 PM
Hi @mohan_infosec, @rickside, yes, this is now resolved. Please find details here: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/ios-install?view=o365-worl...
Jul 15 2022 11:40 AM
Jul 15 2022 01:27 PM
@MWilkins you are absolutely right. On unsupervised devices, the VPN is still present, and it prevents access to random sites (news, banks, etc.). I tried to figure out a way to get rid of the VPN without breaking up Defender status and compliance policy in Intune without any success yet. For the moment, we told our affected users to temporarily disable the VPN when it is not working.