Mobile threat defense capabilities in Microsoft Defender for Business

Microsoft Defender for Business provides advanced threat protection capabilities for devices, such as Windows and Mac clients. Defender for Business also includes mobile threat defense. Mobile threat defense capabilities help protect Android and iOS devices, without requiring you to use Microsoft Intune to onboard mobile devices.

In addition, mobile threat defense capabilities integrate with Microsoft 365 Lighthouse, where Cloud Solution Providers (CSPs) can view information about vulnerable devices and help mitigate detected threats.

What does mobile threat defense include?

The following table summarizes the capabilities that are included in mobile threat defense in Defender for Business:

| Capability | Android | iOS |
|---|---|---|
| Web Protection: Anti-phishing, blocking unsafe network connections, and support for custom indicators. Web protection is turned on by default with web content filtering. | [image] | [image] |
| Malware protection: Scanning for malicious apps (system apps included). | [image] | [image] |
| Jailbreak detection: Detection of jailbroken devices. | [image] | [image] |
| Microsoft Defender Vulnerability Management: Vulnerability assessment of onboarded mobile devices. Includes vulnerability assessments for operating systems and apps for Android and iOS. For more information, see Use your vulnerability management dashboard in Microsoft Defender for Business. | [image] | [image] ¹ |
| Network Protection: Protection against rogue Wi-Fi related threats and rogue certificates. Network protection is turned on by default with next-generation protection. As part of mobile threat defense, network protection also includes the ability to allow root certification authority and private root certification authority certificates in Intune. It also establishes trust with endpoints. | [image] ² | [image] ² |
| Unified alerting: Alerts from all platforms are listed in the unified Microsoft Defender portal (https://security.microsoft.com). In the navigation pane, choose Incidents. For more information, see View and manage incidents in Microsoft Defender for Business. | [image] | [image] |
| Conditional Access and conditional launch: Conditional Access and conditional launch block risky devices from accessing corporate resources. Conditional Access policies require certain criteria to be met before a user can access company data on their mobile device. Conditional launch policies enable your security team to block access or wipe devices that don't meet certain criteria. Defender for Business risk signals can also be added to app protection policies. | [image] ³ | [image] ³ |
| Privacy controls: Configure privacy in threat reports by controlling the data sent by Defender for Business. Privacy controls are available for admin and end users, and for both enrolled and unenrolled devices. | [image] ³ | [image] ³ |
| Integration with Microsoft Tunnel: Integration with Microsoft Tunnel, a VPN gateway solution for Microsoft Intune. | [image] ⁴ | [image] ⁴ |

  • ¹ Operating system vulnerabilities are included. Software/app vulnerabilities require Microsoft Intune.
  • ² You can manage an allowlist of root certification authority certificates and private root certification authority certificates in Microsoft Intune.
  • ³ Requires Microsoft Intune.
  • ⁴ Requires Microsoft Intune. For more information, see Prerequisites for the Microsoft Tunnel in Intune.

How to get mobile threat defense capabilities

Mobile threat defense capabilities are now generally available to Defender for Business customers. Here's how to get these capabilities for your organization:

  1. Make sure that Defender for Business finished provisioning. In the Microsoft Defender portal, go to Assets > Devices.

    • The message, "Hang on! We're preparing new spaces for your data and connecting them" means Defender for Business isn't finished provisioning. The process can take up to 24 hours to complete.
    • If you see a list of devices, or you're prompted to onboard devices, it means Defender for Business provisioning is complete.
  2. Review, and if necessary, edit your next-generation protection policies.

  3. Review, and if necessary, edit your firewall policies and custom rules.

  4. Review, and if necessary, edit your web content filtering policy.

  5. To onboard mobile devices, see the "Use the Microsoft Defender app" procedures in Onboard devices to Microsoft Defender for Business.
