Conditional Access with Defender for Endpoint on Android

Microsoft Defender for Endpoint on Android, together with Microsoft Intune and Azure Active Directory, lets you enforce device compliance and Conditional Access policies based on device risk level. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy through Intune to use this capability.

For more information about how to set up Defender for Endpoint on Android and Conditional Access, see Defender for Endpoint and Intune.

Configure custom indicators

 Note

Defender for Endpoint on Android only supports creating custom indicators for IP addresses and URLs/domains.

Defender for Endpoint on Android lets admins configure custom indicators that apply to Android devices as well. For more information on how to configure custom indicators, see Manage indicators.

Configure web protection

Defender for Endpoint on Android lets IT administrators configure the web protection feature. This capability is available in the Microsoft Endpoint Manager admin center.

 Note

Defender for Endpoint on Android uses a VPN to provide the web protection feature. This is not a regular VPN: it is a local, self-looping VPN that keeps all traffic on the device and does not route it through any external server. Because Android allows only one active VPN at a time, it can conflict with a VPN app that is already in use on the device. For more information, see Configure web protection on devices that run Android.

Privacy Controls

 Important

Privacy Controls for Microsoft Defender for Endpoint on Android are in preview. The following information relates to a prerelease product that may be substantially modified before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Configure vulnerability assessment of apps for BYOD devices

From version 1.0.3425.0303 of Microsoft Defender for Endpoint on Android, you can run vulnerability assessments of the OS and the apps installed on onboarded mobile devices.

 Note

Vulnerability assessment is part of Threat and Vulnerability management in Microsoft Defender for Endpoint. On Android, this feature is currently in preview and may be substantially modified before it’s commercially released.

Notes about privacy related to apps from personal devices (BYOD):

  • For Android Enterprise with a work profile, only apps installed in the work profile are supported.
  • For other BYOD modes, vulnerability assessment of apps is not enabled by default. For devices enrolled in device administrator mode, admins can explicitly enable it through Microsoft Endpoint Manager to get the list of apps installed on the device. Visit the documentation to learn more.

Configure privacy for device administrator mode

Use the following steps to enable vulnerability assessment of apps from devices in device administrator mode for targeted users.

 Note

By default, this is turned off for devices enrolled with device admin mode.

  1. In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles > Create profile and enter the following settings:
    • Platform: Select Android device administrator
    • Profile: Select “Custom” and click Create
  2. In the Basics section, specify a name and description for the profile.
  3. In Configuration settings, select Add OMA-URI setting:
    • Name: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
    • OMA-URI: ./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode
    • Data type: Select Integer in the drop-down list.
    • Value: Enter 0 to turn the privacy setting off, which lets Defender for Endpoint collect the list of installed apps for vulnerability assessment. The default value is 1 (privacy on, no app inventory collected).
  4. Click Next and assign this profile to the targeted devices/users.

Configure privacy for Android Enterprise work profile

Defender for Endpoint supports vulnerability assessment of apps in the work profile. If you want to turn this feature off for targeted users, use the following steps:

  1. In the Microsoft Endpoint Manager admin center, go to Apps > App configuration policies > Add > Managed devices.
  2. Give the policy a name, set Platform to Android Enterprise, and select the profile type.
  3. Select Microsoft Defender for Endpoint as the target app.
  4. On the Settings page, select Use configuration designer and add DefenderTVMPrivacyMode as the key, with value type Integer:
    • To disable vulnerability assessment of apps in the work profile, enter 1 as the value and assign this policy to users. By default, this value is 0.
    • For users whose key is set to 0, Defender for Endpoint sends the list of apps from the work profile to the backend service for vulnerability assessment.
  5. Click Next and assign this profile to the targeted devices/users.

Turning the above privacy controls on or off does not affect the device compliance check or Conditional Access. Note that the same key has different defaults in the two enrollment modes: 1 (privacy on, no app inventory collected) for device administrator enrollment, 0 (privacy off, app inventory collected) for the work profile.
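The two procedures above (a custom profile for device administrator enrollment and an app configuration policy for the work profile) can also be built as Microsoft Graph payloads instead of being clicked through in the admin center. The following is an added example written for this page, not Microsoft's own code. It is shown with the DefenderTVMPrivacyMode key, and the same functions produce the payloads for the DefenderExcludeURLInReport and DefenderExcludeAppInReport keys described further down. The Graph resource types it uses (androidCustomConfiguration with omaSettingInteger; androidManagedStoreAppConfiguration with a base64-encoded managed configuration in payloadJson), the endpoints and permission scopes, and the Defender package id app:com.microsoft.scmx are assumptions not stated on this page; `targeted_app_id` stands for the Intune app id of Defender in your tenant.

```python
"""Build the Intune policy payloads from this page as Microsoft Graph JSON.

Added example for this page, not Microsoft's code. Assumed (not on the page):
Graph types androidCustomConfiguration / omaSettingInteger (device admin custom
profile) and androidManagedStoreAppConfiguration with a base64 managed
configuration in payloadJson (work profile app config), the endpoints and
scopes below, and the Defender package id app:com.microsoft.scmx.
"""
import base64
import json
import urllib.request

OMA_URI_PREFIX = "./Vendor/MSFT/DefenderATP/"
DEFENDER_PACKAGE = "app:com.microsoft.scmx"  # assumed Play package id of the Defender app
GRAPH_DEVICE_CONFIGS = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations"
GRAPH_APP_CONFIGS = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations"

# For every key on the page, 1 withholds the data and 0 sends it. What differs
# per enrollment mode is the default applied when no policy is assigned, and
# DefenderTVMPrivacyMode on device administrator enrollment is the odd one out
# (default 1: no app inventory is collected until a profile sets 0).
DEFAULTS = {
    "DefenderTVMPrivacyMode":     {"device_admin": 1, "work_profile": 0},
    "DefenderExcludeURLInReport": {"device_admin": 0, "work_profile": 0},
    "DefenderExcludeAppInReport": {"device_admin": 0, "work_profile": 0},
}

def privacy_value(key, mode, privacy_on):
    """Integer to write for `key` in `mode` so that the privacy behaviour is on or off."""
    if key not in DEFAULTS or mode not in DEFAULTS[key]:
        raise ValueError(f"unknown key/mode: {key}/{mode}")
    return 1 if privacy_on else 0

def is_noop(key, mode, privacy_on):
    """True when the requested state equals the default, i.e. the policy changes nothing."""
    return privacy_value(key, mode, privacy_on) == DEFAULTS[key][mode]

def device_admin_profile(name, key, privacy_on, description=""):
    """Custom profile for Android device administrator (the OMA-URI steps on this page)."""
    return {
        "@odata.type": "#microsoft.graph.androidCustomConfiguration",
        "displayName": name,
        "description": description,
        "omaSettings": [{
            "@odata.type": "#microsoft.graph.omaSettingInteger",
            "displayName": key,
            "description": description,
            "omaUri": OMA_URI_PREFIX + key,
            "value": privacy_value(key, "device_admin", privacy_on),
        }],
    }

def work_profile_app_config(name, key, privacy_on, targeted_app_id, description=""):
    """App configuration policy for the Android Enterprise work profile (configuration designer steps)."""
    managed = {
        "kind": "androidenterprise#managedConfiguration",
        "productId": DEFENDER_PACKAGE,
        "managedProperty": [{"key": key, "valueInteger": privacy_value(key, "work_profile", privacy_on)}],
    }
    return {
        "@odata.type": "#microsoft.graph.androidManagedStoreAppConfiguration",
        "displayName": name,
        "description": description,
        "targetedMobileApps": [targeted_app_id],  # Intune mobileApp id of Defender in your tenant
        "packageId": DEFENDER_PACKAGE,
        "profileApplicability": "androidWorkProfile",
        "payloadJson": base64.b64encode(json.dumps(managed).encode()).decode(),
    }

def decode_payload(app_config):
    """Undo the base64 step so you can check what the policy really sets."""
    return json.loads(base64.b64decode(app_config["payloadJson"]))

def submit(payload, access_token, endpoint):
    """POST a built payload to Graph (DeviceManagementConfiguration.ReadWrite.All for
    device profiles, DeviceManagementApps.ReadWrite.All for app configuration policies)."""
    req = urllib.request.Request(
        endpoint, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Device admin: privacy OFF (value 0) so the app inventory is collected for assessment.
    da = device_admin_profile("MDE Android DA - enable app vulnerability assessment",
                              "DefenderTVMPrivacyMode", privacy_on=False)
    # Work profile: privacy ON (value 1) so phishing reports omit the domain name.
    wp = work_profile_app_config("MDE Android WP - hide URL in phish report",
                                 "DefenderExcludeURLInReport", privacy_on=True,
                                 targeted_app_id="<defender-mobileApp-id>")
    print(json.dumps(da, indent=2))
    print(json.dumps(decode_payload(wp), indent=2))
    print("DA profile setting DefenderTVMPrivacyMode=1 is a no-op:",
          is_noop("DefenderTVMPrivacyMode", "device_admin", True))
```

Run `is_noop` before assigning a profile: a device administrator profile that sets DefenderTVMPrivacyMode to 1 changes nothing, because that is already the default in that mode, while the same value in a work profile policy switches the assessment off. Pass the built payload to `submit` with a bearer token for the matching endpoint to create the policy; assignment to groups is a separate Graph call not covered here.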

Configure privacy for phishing alert report

The privacy control for the phishing report can be used to disable the collection of the domain name or website information in the phishing threat report. This gives organizations the flexibility to choose whether to collect the domain name when a malicious or phishing website is detected and blocked by Defender for Endpoint.

Configure privacy for phishing alert report on Android Device Administrator enrolled devices:

Use the following steps to turn it on for targeted users:

  1. In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles > Create profile and enter the following settings:
    • Platform: Select Android device administrator.
    • Profile: Select “Custom” and click Create.
  2. In the Basics section, specify a name and description for the profile.
  3. In Configuration settings, select Add OMA-URI setting:
    • Name: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
    • OMA-URI: ./Vendor/MSFT/DefenderATP/DefenderExcludeURLInReport
    • Data type: Select Integer in the drop-down list.
    • Value: Enter 1 to turn the privacy setting on (the domain name is omitted from the phishing report). The default value is 0.
  4. Click Next and assign this profile to the targeted devices/users.

Using this privacy control will not impact the device compliance check or conditional access.

Configure privacy for phishing alert report on Android Enterprise work profile

Use the following steps to turn on privacy for targeted users in the work profile:

  1. In the Microsoft Endpoint Manager admin center, go to Apps > App configuration policies > Add > Managed devices.
  2. Give the policy a name, set Platform to Android Enterprise, and select the profile type.
  3. Select Microsoft Defender for Endpoint as the target app.
  4. On the Settings page, select Use configuration designer and add DefenderExcludeURLInReport as the key, with value type Integer:
    • Enter 1 to turn the privacy setting on (the domain name is omitted from the phishing report). The default value is 0.
  5. Click Next and assign this profile to the targeted devices/users.

Turning the above privacy controls on or off will not impact the device compliance check or conditional access.

Configure privacy for malware threat report

Privacy control for malware threat report can be used to disable the collection of app details (name and package information) from the malware threat report. This gives organizations the flexibility to choose whether they want to collect the app name when a malicious app is detected.

Configure privacy for malware alert report on Android Device Administrator enrolled devices:

Use the following steps to turn it on for targeted users:

  1. In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles > Create profile and enter the following settings:
    • Platform: Select Android device administrator.
    • Profile: Select “Custom” and click Create.
  2. In the Basics section, specify a name and description for the profile.
  3. In Configuration settings, select Add OMA-URI setting:
    • Name: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
    • OMA-URI: ./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport
    • Data type: Select Integer in the drop-down list.
    • Value: Enter 1 to turn the privacy setting on (the app name and package information are omitted from the malware report). The default value is 0.
  4. Click Next and assign this profile to the targeted devices/users.

Using this privacy control does not affect the device compliance check or Conditional Access: a device with a malicious app always has a risk level of “Medium”, whether or not the app details are reported.

Configure privacy for malware alert report on Android Enterprise work profile

Use the following steps to turn on privacy for targeted users in the work profile:

  1. In the Microsoft Endpoint Manager admin center, go to Apps > App configuration policies > Add > Managed devices.
  2. Give the policy a name, set Platform to Android Enterprise, and select the profile type.
  3. Select Microsoft Defender for Endpoint as the target app.
  4. On the Settings page, select Use configuration designer and add DefenderExcludeAppInReport as the key, with value type Integer:
    • Enter 1 to turn the privacy setting on (the app name and package information are omitted from the malware report). The default value is 0.
  5. Click Next and assign this profile to the targeted devices/users.

Using this privacy control does not affect the device compliance check or Conditional Access: a device with a malicious app always has a risk level of “Medium”, whether or not the app details are reported.
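Because the same key carries different defaults in the two enrollment modes, and the admin center shows each profile and app configuration policy on its own, it is worth checking what is actually in force across a tenant. The following added example (not Microsoft's code) parses the JSON that Graph returns for the deviceManagement/deviceConfigurations and deviceAppManagement/mobileAppConfigurations collections, extracts the three privacy keys from this page, and reports the effective value of each key per enrollment mode, applying the page's defaults where no policy sets a key and flagging keys that two policies set to different values. The sample responses are constructed for the example; the Graph type names and the Defender package id app:com.microsoft.scmx are assumptions not stated on the page.

```python
"""Audit which Defender for Endpoint on Android privacy keys are really in force.

Added example, not Microsoft's code. Reads Graph JSON from
deviceManagement/deviceConfigurations (device admin custom profiles) and
deviceAppManagement/mobileAppConfigurations (work profile app config policies).
Graph type names and the package id app:com.microsoft.scmx are assumptions;
the sample responses below are constructed.
"""
import base64
import json

OMA_PREFIX = "./Vendor/MSFT/DefenderATP/"
DEFENDER_PACKAGE = "app:com.microsoft.scmx"  # assumed
DEFAULTS = {  # from the page: value assumed when no policy sets the key
    "DefenderTVMPrivacyMode":     {"device_admin": 1, "work_profile": 0},
    "DefenderExcludeURLInReport": {"device_admin": 0, "work_profile": 0},
    "DefenderExcludeAppInReport": {"device_admin": 0, "work_profile": 0},
}

def device_admin_settings(device_configs):
    """Yield (key, value, profile name) for every Defender OMA-URI found in custom profiles."""
    for cfg in device_configs:
        if cfg.get("@odata.type") != "#microsoft.graph.androidCustomConfiguration":
            continue
        for setting in cfg.get("omaSettings", []):
            uri = setting.get("omaUri", "")
            key = uri[len(OMA_PREFIX):] if uri.startswith(OMA_PREFIX) else None
            if key in DEFAULTS:
                yield key, int(setting["value"]), cfg["displayName"]

def work_profile_settings(app_configs):
    """Yield (key, value, policy name) from managed configurations aimed at the Defender app."""
    for cfg in app_configs:
        if (cfg.get("@odata.type") != "#microsoft.graph.androidManagedStoreAppConfiguration"
                or cfg.get("packageId") != DEFENDER_PACKAGE):
            continue
        payload = json.loads(base64.b64decode(cfg["payloadJson"]))
        for prop in payload.get("managedProperty", []):
            if prop.get("key") in DEFAULTS and "valueInteger" in prop:
                yield prop["key"], int(prop["valueInteger"]), cfg["displayName"]

def effective_privacy(device_configs, app_configs):
    """Return {key: {mode: {"value": int or None, "source": str, "conflict": bool}}}."""
    seen = {key: {"device_admin": {}, "work_profile": {}} for key in DEFAULTS}
    for key, value, name in device_admin_settings(device_configs):
        seen[key]["device_admin"][name] = value
    for key, value, name in work_profile_settings(app_configs):
        seen[key]["work_profile"][name] = value
    report = {}
    for key, modes in seen.items():
        report[key] = {}
        for mode, by_policy in modes.items():
            values = set(by_policy.values())
            if not values:
                entry = {"value": DEFAULTS[key][mode], "source": "default", "conflict": False}
            elif len(values) == 1:
                entry = {"value": values.pop(), "source": ", ".join(sorted(by_policy)), "conflict": False}
            else:  # two policies disagree; which one wins is not something to guess at
                entry = {"value": None, "source": ", ".join(sorted(by_policy)), "conflict": True}
            report[key][mode] = entry
    return report

def _b64(obj):
    return base64.b64encode(json.dumps(obj).encode()).decode()

# Constructed sample of what the two Graph collections might contain.
SAMPLE_DEVICE_CONFIGS = [
    {"@odata.type": "#microsoft.graph.androidCustomConfiguration",
     "displayName": "DA - collect app inventory",
     "omaSettings": [{"@odata.type": "#microsoft.graph.omaSettingInteger",
                      "omaUri": OMA_PREFIX + "DefenderTVMPrivacyMode", "value": 0}]},
    {"@odata.type": "#microsoft.graph.androidCustomConfiguration",
     "displayName": "DA - old privacy baseline",
     "omaSettings": [{"@odata.type": "#microsoft.graph.omaSettingInteger",
                      "omaUri": OMA_PREFIX + "DefenderTVMPrivacyMode", "value": 1},
                     {"@odata.type": "#microsoft.graph.omaSettingInteger",
                      "omaUri": OMA_PREFIX + "DefenderExcludeAppInReport", "value": 1}]},
    {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
     "displayName": "unrelated profile"},
]
SAMPLE_APP_CONFIGS = [
    {"@odata.type": "#microsoft.graph.androidManagedStoreAppConfiguration",
     "displayName": "WP - hide URL in phish report", "packageId": DEFENDER_PACKAGE,
     "payloadJson": _b64({"kind": "androidenterprise#managedConfiguration",
                          "productId": DEFENDER_PACKAGE,
                          "managedProperty": [{"key": "DefenderExcludeURLInReport", "valueInteger": 1}]})},
    {"@odata.type": "#microsoft.graph.androidManagedStoreAppConfiguration",
     "displayName": "WP - other app", "packageId": "app:com.example.other",  # must be ignored
     "payloadJson": _b64({"managedProperty": [{"key": "DefenderTVMPrivacyMode", "valueInteger": 1}]})},
]

if __name__ == "__main__":
    for key, modes in effective_privacy(SAMPLE_DEVICE_CONFIGS, SAMPLE_APP_CONFIGS).items():
        for mode, entry in modes.items():
            state = "CONFLICT" if entry["conflict"] else f"value={entry['value']}"
            print(f"{key:28} {mode:13} {state:10} from {entry['source']}")
```

On the constructed sample the report shows DefenderTVMPrivacyMode in conflict for device administrator devices (one profile sets 0, an older one sets 1), DefenderExcludeURLInReport set to 1 in the work profile by a single policy, and every other key/mode pair falling back to the page's default. Against a real tenant, feed it the `value` arrays from the two Graph GET responses; the same parsing applies, and a `conflict` entry is the cue to look at the assignments of the named profiles.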

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
