Microsoft Defender for Mobile Endpoints
We’ve written about Microsoft Defender for Endpoints and Microsoft Defender XDR. The Defender stack is a cybersecurity platform that encompasses several elements of antivirus protection. These are generally targeted toward enterprise computer networks in cloud-based or hybrid business environments. But Microsoft Defender is also available for mobile endpoints. Last summer it first became available in public preview on Android, and in December Microsoft announced its general availability for iOS devices. Here are some of the benefits of Microsoft Defender in the mobile realm.
Protection from Phishing Attacks
Mobile devices have unique threats, the biggest of which is phishing. It is a growing problem, and over 85% of mobile phishing attacks take place outside of email. Instead, they appear in messaging apps, games, and other apps, as well as specific websites designed for phishing. Sometimes users’ apps connect to unsafe domains that the security team has no idea about. Microsoft Defender for mobile can protect against these threats in the following ways:
- Anti-phishing with SmartScreen. This screens against a list of reported phishing and malicious software sites, and checks for suspicious behavior. If anything is detected, the user is alerted and given the option to allow the connection anyway, report it as safe, or dismiss the notification. Security teams are also alerted through the Security Center.
- Unsafe connection blocking. Similarly, Defender will block unsafe automatic connections that apps sometimes make without the user’s intent. Users and security teams are likewise alerted and given options to proceed.
- Fine-tuned control with custom indicators. An extension of the custom indicator creation capability in Windows, this lets security teams choose specific URLs or domains to allow or block users from accessing.
Microsoft Defender will instantly scan for malware and potentially unwanted applications (PUA), checking both apps and files. It’s powered by deep learning to boost built-in mobile protections such as Android’s limitations on untrusted app installation. The additional technology and power of Defender brings more visibility and control, again letting the user know whether an app is safe or not.
Managing Sensitive Data
Defender integrates with Microsoft Endpoint Manager, which includes both Intune and Configuration Manager. This is especially helpful because it provides additional safeguards for sensitive information. These resources keep track of devices and whether they could be compromised. If Microsoft Defender finds malicious apps installed on a device, it will classify the device as high-risk and flag it in the Security Center. Intune then puts this risk level assessment together with compliance policies and activates Conditional Access rules that block that device’s access to sensitive company data. As with other vulnerabilities, the user gets a notification and instructions on what to do. Once a malicious app is removed, access is automatically restored.
Centralized SecOps View
One of the things security teams like about Microsoft Defender is its Security Center, which is a single unified hub for viewing activity and vulnerabilities. Any alerts that users receive will also show up here. Security administrators can assess various aspects of each threat, including its name, severity, the alert process tree for it, file details, and any associated SHA information. They can also zero in on a particular device if desired, viewing the history of alerts and incidents associated with it.
How to Try Microsoft Defender for Endpoints
Many of these features may be more developed for Android devices, as Defender has been available for Android longer. But it’s definitely worth taking a look at for iOS too. You can test out Microsoft Defender for any Endpoint with a free trial. (See the latest MDE pricing news beyond the trial here.) Once you’re using MDE, opt in to enable preview features to include new enhancements and capabilities in your experience. Feel free to submit feedback to Microsoft on new or existing features as well, as they are always updating their offerings for continued improvement.