New Mobile Threat Defense capabilities for Android & iOS

Update: As of 9/20/22, privacy controls and web protection configuration for Android MAM are now generally available.

Microsoft Defender for Endpoint for Android and iOS helps protect organizations and enterprise users by safeguarding their mobile devices from cyber threats. As the threat landscape evolves, our journey in providing the most complete and robust Mobile Threat Defense solution for our customers continues.

Taking our next step on this journey, we are excited to announce a handful of new features that are generally available: Privacy Controls, Optional Permissions and Disable Web Protection.

Privacy Controls

Admins can set up privacy policies in Microsoft Defender for Endpoint on Android and iOS aligned to their organization's needs while instilling confidence with end users that Microsoft respects their privacy and does not look at personal data. Additional granular controls are offered to further configure privacy settings so both admins and end users have more control over the data being sent in threat reports.

  • iOS – Microsoft Defender for Endpoint on iOS enables Privacy Controls for both admins and end users. This includes controls for enrolled Mobile Device Management (MDM) as well as unenrolled Mobile Application Management (MAM) devices. Admins can configure privacy settings for the phish and reports while end users can configure the information shared with their organization through the Defender app settings. See Privacy Controls in iOS for more details.
  • Android – Microsoft Defender for Endpoint on Android also enables Privacy Controls for both admins and end users. Admins can now enable privacy controls for the phish report, malware report and report while end users can enable controls through the Defender app settings. See Privacy Controls in Android for Enrolled Devices for more details. Similar privacy controls for Android unenrolled MAM devices are also available. To learn more, please review Privacy Controls for MAM.

Optional Permissions

Microsoft Defender for Endpoint now enables admins to skip some permissions in the onboarding flow. Previously, Defender for Endpoint required all of its permissions to be addressed during onboarding.

  • iOS – With this feature, admins can deploy Defender for Endpoint on BYOD devices without enforcing the mandatory permission during onboarding. End users can also onboard the app without these mandatory permissions and review those permissions later. Even if the user has skipped the , the device will be able to onboard. This feature is currently available only for enrolled devices (MDM). Please see Optional Permissions on iOS for MDM for more details.
  • Android – Microsoft Defender for Endpoint on Android enables Optional Permissions in the onboarding flow. Currently the permissions required by Defender for Endpoint are mandatory in the onboarding flow. With this feature, admins can deploy Defender for Endpoint on Android devices with MAM policies without enforcing the mandatory and accessibility permissions during onboarding. End users can onboard the app without the mandatory permissions and can review these permissions later. This feature is currently available only for unenrolled devices (MAM). Please see Optional Permissions on Android for MAM for more details.

Disable Web Protection

Customers who do not want to set up a VPN can configure Defender for Endpoint to disable Web Protection and deploy it without that feature. Other Defender for Endpoint features will continue to work. On iOS, this configuration is available for both enrolled (MDM) and unenrolled (MAM) devices. Please see Disable Web Protection on iOS for more details. For Android, this feature is already available for MDM devices; for MAM devices, it is coming soon.

We want to hear from you! Let us know what you think about this new wave of features.


This article was originally published by Microsoft's Defender for Endpoint Blog. You can find the original article here.