Mobile threat defense capabilities in Microsoft Defender for Business

Microsoft Defender for Business provides advanced threat protection capabilities for devices, such as Windows and Mac clients. Defender for Business also includes mobile threat defense. Mobile threat defense capabilities help protect Android and iOS devices, without requiring you to use Microsoft Intune to onboard mobile devices.

In addition, mobile threat defense capabilities integrate with Microsoft 365 Lighthouse, where Cloud Solution Providers (CSPs) can view information about vulnerable devices and help mitigate detected threats.

What does mobile threat defense include?

The following table summarizes the capabilities that are included in mobile threat defense in Defender for Business:

Capability Android iOS
Web protection
Anti-phishing, blocking unsafe network connections, and support for custom indicators.
Web protection is turned on by default with web content filtering.

Malware protection
Scanning for malicious apps (system apps included).

Jailbreak detection
Detection of jailbroken devices.

Microsoft Defender Vulnerability Management ¹
Vulnerability assessment of onboarded mobile devices. Includes vulnerability assessments for operating systems and apps for Android and iOS.
For more information, see Use your vulnerability management dashboard in Microsoft Defender for Business.

Network protection ²
Protection against rogue Wi-Fi related threats and rogue certificates.
Network protection is turned on by default with next-generation protection.
As part of mobile threat defense, network protection also includes the ability to allow root certification authority and private root certification authority certificates in Intune. It also establishes trust with endpoints.

Unified alerting
Alerts from all platforms are listed in the unified Microsoft Defender portal (https://security.microsoft.com). In the navigation pane, choose Incidents.
For more information, see View and manage incidents in Microsoft Defender for Business.

Conditional Access and conditional launch ³
Conditional Access and conditional launch block risky devices from accessing corporate resources.
  • Conditional Access policies require certain criteria to be met before a user can access company data on their mobile device.
  • Conditional launch policies enable your security team to block access or wipe devices that don't meet certain criteria.
  • Defender for Business risk signals can also be added to app protection policies.

Privacy controls ³
Configure privacy in threat reports by controlling the data sent by Defender for Business. Privacy controls are available for admin and end users, and for both enrolled and unenrolled devices.

Integration with Microsoft Tunnel
Integration with Microsoft Tunnel, a VPN gateway solution for Microsoft Intune.

  • ¹ Operating system vulnerabilities are included. Software/app vulnerabilities require Microsoft Intune.
  • ² You can manage an allowlist of root certification authority certificates and private root certification authority certificates in Microsoft Intune.
  • ³ Requires Microsoft Intune.
  • ⁴ Requires Microsoft Intune. For more information, see Prerequisites for the Microsoft Tunnel in Intune.

How to get mobile threat defense capabilities

Mobile threat defense capabilities are now generally available to Defender for Business customers. Here's how to get these capabilities for your organization:

  1. Make sure that Defender for Business has finished provisioning. In the Microsoft Defender portal, go to Assets > Devices.

    • The message, "Hang on! We're preparing new spaces for your data and connecting them" means Defender for Business isn't finished provisioning. The process can take up to 24 hours to complete.
    • If you see a list of devices, or you're prompted to onboard devices, it means Defender for Business provisioning is complete.
  2. Review, and if necessary, edit your next-generation protection policies.

  3. Review, and if necessary, edit your firewall policies and custom rules.

  4. Review, and if necessary, edit your web content filtering policy.

  5. To onboard mobile devices, see the "Use the Microsoft Defender app" procedures in Onboard devices to Microsoft Defender for Business.
