
Microsoft Defender for Endpoint risk signals available for your App protection policies

This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.

Updated 6/8/2022 – Removed preview as Microsoft Defender with App protection policies for iOS and Android is now generally available! We’ve also added Jailbreak detection in Microsoft Defender for Endpoint on iOS and VPN Auto onboarding in Microsoft Defender for Endpoint on iOS!

 

With the 2102 release of Microsoft Endpoint Manager, you can now configure the ability to send threat signals from Microsoft Defender for Endpoint to be used in your App Protection Policies (APP, also known as MAM) on Android and iOS/iPadOS.

 

Setting up Microsoft Defender for Endpoint for unenrolled devices

  1. Set up the connection from your Microsoft Endpoint Manager tenant to Microsoft Defender for Endpoint. This can be done either via Tenant Administration > Connectors and tokens > Microsoft Defender for Endpoint (under Cross platform) or Endpoint Security > Microsoft Defender for Endpoint (under Setup). Once your Connection status is set to Available, proceed. If you have been using Microsoft Defender for Endpoint for device compliance assessment up until now, your connector may already be set up. At present, Microsoft Endpoint Manager supports one Mobile Threat Defense or Microsoft Defender for Endpoint connector per platform.

    Figure 1 - Microsoft Defender for Endpoint connector status in the Microsoft Endpoint Manager admin center.

  2. To send threat signals from Microsoft Defender for Endpoint on targeted devices to APP, turn on the toggles under App Protection Policy Settings for the platforms you wish to configure. These capabilities are available for Android and iOS/iPadOS. Select Save. You should see Connection status is now set to Enabled.

    Figure 2 - Microsoft Defender for Endpoint connector status settings in the Microsoft Endpoint Manager admin center.

Create your App Protection Policy

  1. After your Microsoft Defender for Endpoint connector setup is complete, navigate to Apps > App protection policies (under Policy) to create a new policy or update an existing one.
  2. Select which platform, Apps, Data protection, Access requirements settings that your organization requires for your policy.
  3. Under Conditional launch > Device conditions, you will find the setting Max allowed device threat level. Set it to Secured, Low, Medium, or High: Secured is the strictest and only passes a device with no detected threats, while Low, Medium, and High allow threats up to and including that level. The actions available are Block access or Wipe data. Note that a device reporting a High threat level still passes a policy set to High, so choose Medium or lower if you want such devices blocked. You may see an informational dialog reminding you to set up the connector before this setting takes effect; if your connector is already set up, you can dismiss it.

    Figure 4 - Intune app protection policies - Mobile Threat Connector policy settings.

  4. Finish with Assignments and save your policy.
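To make the conditional launch semantics concrete, here is an added Python example (not part of the original post and not Microsoft's tooling) that builds the Graph request body for such a policy and applies the threat-level comparison to a few constructed device reports. It assumes the Graph beta property names maximumAllowedDeviceThreatLevel and mobileThreatDefenseRemediationAction on the managed app protection resource, the endpoint URLs shown in the code, and the ordering Secured < Low < Medium < High; the device names and their reported levels are constructed sample data.

```python
"""Added example (not from the original post): build the Microsoft Graph request
body for an App Protection Policy that uses the Microsoft Defender for Endpoint
device threat level as a conditional-launch condition, and evaluate constructed
device threat reports against it the way the conditional launch check does.

Assumptions: the property names maximumAllowedDeviceThreatLevel and
mobileThreatDefenseRemediationAction on the managedAppProtection resource in the
Graph beta API, the endpoint URLs below, and the order Secured < Low < Medium < High.
"""
import json
from enum import IntEnum
from typing import Optional

# Graph beta endpoints assumed to accept the body built below (not on the page).
GRAPH_ENDPOINTS = {
    "ios": "https://graph.microsoft.com/beta/deviceAppManagement/iosManagedAppProtections",
    "android": "https://graph.microsoft.com/beta/deviceAppManagement/androidManagedAppProtections",
}
ODATA_TYPES = {
    "ios": "#microsoft.graph.iosManagedAppProtection",
    "android": "#microsoft.graph.androidManagedAppProtection",
}


class ThreatLevel(IntEnum):
    """Device threat levels in increasing severity; Secured means no threats at all."""
    SECURED = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def build_policy_body(display_name: str, platform: str,
                      max_allowed: ThreatLevel, action: str) -> dict:
    """Return the JSON body for a policy with 'Max allowed device threat level'
    set under Conditional launch > Device conditions. action is 'block' or 'wipe'."""
    if platform not in ODATA_TYPES:
        raise ValueError(f"unsupported platform: {platform}")
    if action not in ("block", "wipe"):
        raise ValueError(f"action must be 'block' or 'wipe', got {action!r}")
    return {
        "@odata.type": ODATA_TYPES[platform],
        "displayName": display_name,
        # Graph enum values are lower-case: secured, low, medium, high (assumption).
        "maximumAllowedDeviceThreatLevel": max_allowed.name.lower(),
        "mobileThreatDefenseRemediationAction": action,
    }


def evaluate(reported: Optional[ThreatLevel], max_allowed: ThreatLevel, action: str) -> str:
    """Decide 'allow', 'block' or 'wipe' for one device at APP check-in or Recheck.

    A device with no signal (Defender not installed or activated, or the device not
    Azure AD registered) cannot pass the condition. It is modelled here as a block;
    that the real prompt-to-install flow behaves this way is an assumption.
    """
    if reported is None:
        return "block"
    return "allow" if reported <= max_allowed else action


def evaluate_fleet(devices: dict, max_allowed: ThreatLevel, action: str) -> dict:
    """Apply the policy to a mapping of device name -> reported level (or None)."""
    return {name: evaluate(level, max_allowed, action) for name, level in devices.items()}


# Constructed sample signals standing in for what Defender would report per device.
SAMPLE_DEVICES = {
    "ipad-clean": ThreatLevel.SECURED,
    "android-low-risk": ThreatLevel.LOW,
    "iphone-jailbroken": ThreatLevel.HIGH,   # jailbreak detection reports High
    "android-no-defender": None,              # Defender not activated yet
}

if __name__ == "__main__":
    body = build_policy_body("Protect Outlook - MDE medium", "ios", ThreatLevel.MEDIUM, "block")
    print("POST", GRAPH_ENDPOINTS["ios"])
    print(json.dumps(body, indent=2))
    # With Medium the jailbroken device is blocked; with High it is allowed through.
    print(evaluate_fleet(SAMPLE_DEVICES, ThreatLevel.MEDIUM, "block"))
    print(evaluate_fleet(SAMPLE_DEVICES, ThreatLevel.HIGH, "block"))
```

The script only prints the body; posting it requires an authenticated Graph session with the DeviceManagementApps.ReadWrite.All permission and, as with the portal, has no effect until the connector's App Protection Policy toggle for that platform is Enabled. The two evaluate_fleet calls show the caveat from step 3 above: the same jailbroken device passes when the maximum is High and is blocked when it is Medium.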

 

How to deploy the Defender app with this functionality

Microsoft Defender for Endpoint on iOS and Android enables the App Protection Policy scenario and is now available in the Apple App Store and Google Play Store respectively.

 

End users should install the latest version of the app directly from the Google Play Store or Apple App Store.

 

Threat detection capabilities

Types of threat detection available through MDE and how to turn them on:

 

 

End user experience

Once this policy is targeted to a specific user, the end user will be required to:

  1. Register their device with Azure Active Directory (Azure AD). This is not a device enrollment into Intune; it simply gives the device an Azure AD device ID, which this feature requires. If your organization has already configured Conditional Access for Android/iOS, your end users may already have Azure AD registered mobile devices.
  2. Install the Microsoft Defender for Endpoint app on their device.
  3. Activate the Microsoft Defender for Endpoint app in order to pass the condition required to access the app with their corporate account. This will involve signing into the app with corporate credentials, and accepting any required permissions.

 

Once activation is complete, Microsoft Defender for Endpoint scans the device and reports a device threat level. If that level is at or below the Max allowed device threat level the admin configured (Secured, Low, Medium, or High), the end user passes the condition and gets access to their protected apps; otherwise the configured action (Block access or Wipe data) applies.

 

The check of whether the device passes the configured conditions happens during App Protection Policy service check-in, or when the end user taps Recheck after remediating their device.

 

More info and feedback

Create and deploy app protection policies

Microsoft Defender for Endpoint on iOS

Microsoft Defender for Endpoint on Android

Jailbreak Detection capability in Microsoft Defender for Endpoint

We are also excited to share the general availability of the Jailbreak Detection capability in Microsoft Defender for Endpoint on iOS. This adds to the list of threat detections provided by MDE listed above.

 

With this change, Microsoft Defender for Endpoint on iOS detects jailbroken devices whether they are managed or unmanaged. Microsoft Defender for Endpoint also sends a high-risk signal from devices detected as jailbroken, which can feed into your App Protection Policy or Device Compliance Policy. Because that signal is High, it only triggers your policy's action when the allowed threat level is set below High (for example, Max allowed device threat level set to Medium or lower in APP).

 

For more details, please refer to the documentation here.

 

Simplifying onboarding for iOS users

As a part of our commitment to continuously improve the experience for end users, we are now also simplifying end user onboarding. Until now, end users had to grant VPN permission so the iOS app could provide anti-phishing protection. With this update, admins can set up the configuration and push the VPN profile to enrolled devices, so end users no longer have to grant VPN-related permissions themselves, simplifying their onboarding experience. Since the profile is delivered through device enrollment, this applies to devices enrolled in Intune; on unenrolled (MAM-only) devices the end user still grants the VPN permission in the app.

 

For more details, please refer to the documentation here.

 

Let us know if you have any additional questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.

 

Blog updates:

6/8/21: Removed preview as Microsoft Defender with App protection policies for iOS and Android is now generally available! We’ve also added Jailbreak detection in Microsoft Defender for Endpoint on iOS and VPN Auto onboarding in Microsoft Defender for Endpoint on iOS!
