Update: 12/15/2022 - Vulnerability assessment of apps on iOS devices is now generally available. To configure the feature, read the documentation.
Today, we are excited to announce the general availability of threat and vulnerability management support for Android and iOS in Microsoft Defender for Endpoint Plan 2. With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization - spanning workstations, servers, and mobile devices.
Threat and vulnerability management in Microsoft Defender for Endpoint continuously monitors and identifies impacted devices, assesses associated risks in the environment, and provides intelligent prioritization and integrated workflows to seamlessly remediate vulnerabilities. Microsoft iterates on these features based on the latest information from the threat landscape.
Vulnerability management support for Android and iOS is part of Microsoft Defender for Endpoint’s mobile threat defense solution, which enables customers to maintain a seamless and consistent experience across their device platforms.
Organizations now have access to the following vulnerability assessment capabilities:
Vulnerability assessment of Android OS versions of onboarded Android devices.
Vulnerability assessment of apps that are installed on onboarded Android devices.
Note about privacy related to apps from personal devices (BYOD):
For Android Enterprise with a work profile, apps installed only on the work profile will be supported.
For other BYOD modes, by default vulnerability assessment of apps will not be available. However, in device administrator mode, admins can explicitly enable this feature through Microsoft Endpoint Manager to get the list of apps installed on the device. Visit our documentation to learn more.
Vulnerability assessment of iOS versions on onboarded iOS/iPadOS devices.
Vulnerability assessment of apps installed on iOS devices.
Note that Defender for Endpoint on iOS supports vulnerability assessments of apps only for enrolled (MDM) devices.
To enable this feature, admins can follow these steps.