New features available for MTD – Microsoft Defender for Endpoint on Android & iOS

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Microsoft Defender for Endpoint (MDE) for Android and iOS helps protect organizations and enterprise users by safeguarding their mobile devices from cyber threats. As the threat landscape evolves, our journey in providing the most complete and robust Mobile Threat Defense solution for our customers continues.


Taking our next step on this journey, we are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permissions and Disable Web protection.


Privacy Controls

Admins can set up privacy policies in Microsoft Defender for Endpoint on Android and iOS aligned to their organization’s needs while instilling confidence with end users that Microsoft respects their privacy and does not look at personal data. Additional granular controls are offered to further configure privacy settings so both admins and end users have more control over the data being sent in threat reports.

  • iOS - Microsoft Defender for Endpoint on iOS enables Privacy Controls for both admins and end users. This includes controls for enrolled Mobile Device Management (MDM) as well as unenrolled Mobile Application Management (MAM) devices. Admins can configure privacy settings for the phish and network reports, while end users can configure the information shared with their organization through the Defender app settings. See Privacy Controls in iOS.
  • Android - Microsoft Defender for Endpoint on Android also enables Privacy Controls for both admins and end users. Admins can now enable privacy controls for the phish report, malware report and network report, while end users can enable controls through the Defender app settings. See Privacy Controls in Android for Enrolled Devices for more details.

Note: Similar privacy controls for Android unenrolled MAM devices are currently in preview. To learn more, please review Privacy Controls for MAM.


Optional Permissions

Microsoft Defender for Endpoint now enables admins to skip some permissions in the onboarding flow. Previously, MDE required all permissions to be addressed during onboarding.

  • iOS - With this feature, admins can deploy MDE on BYOD devices without enforcing the mandatory VPN permission during onboarding. End users can also onboard the app without these mandatory permissions and review those permissions later. Even if the user has skipped the VPN, the device will be able to onboard. This feature is currently available only for enrolled devices (MDM). Please see Optional Permissions on iOS for MDM for more details.
  • Android - Microsoft Defender for Endpoint on Android enables Optional Permissions in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admins can deploy MDE on Android devices with MAM policies without enforcing the mandatory VPN and accessibility permissions during onboarding. End users can onboard the app without the mandatory permissions and can review these permissions later. This feature is currently available only for unenrolled devices (MAM). Please see Optional Permissions on Android for MAM for more details.


Disable Web Protection

Customers who do not want to set up a VPN can disable Web Protection and deploy MDE without that feature. Other MDE features will continue to work. On iOS, this configuration is available for both enrolled (MDM) and unenrolled (MAM) devices. Please see Disable Web Protection on iOS for more details. On Android, this feature is already available for MDM devices; for MAM devices, it is coming soon.


We want to hear from you! Let us know what you think about this new wave of features.
