Defender for Endpoint on iOS uses a VPN to provide the Web Protection feature. This is not a conventional VPN: it is a local, loopback VPN that does not route traffic off the device. Neither Microsoft nor your organization sees your browsing activity.
Defender for Endpoint on iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint on iOS secure, up-to-date, performing as expected, and to support the service.
For more information about data storage, see Microsoft Defender for Endpoint data storage and privacy.
For more information on most common privacy questions about Microsoft Defender for Endpoint on Android and iOS mobile devices, see Microsoft Defender for Endpoint and your privacy on Android and iOS mobile devices.
Required data consists of data that is necessary to make Defender for Endpoint on iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps.
Here is a list of the types of data being collected:
Web page or Network information
- Domain name and IP address of the website only when a malicious connection or web page is detected.
Device and account information
- Device information such as date and time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following:
  - Wi-Fi adapter MAC address
  - Randomly generated globally unique identifier (GUID)
- Tenant, Device, and User information
  - Azure Active Directory (AD) Device ID and Azure User ID: uniquely identify the device and the user, respectively, in Azure Active Directory.
  - Azure tenant ID: GUID that identifies your organization within Azure Active Directory.
  - Microsoft Defender for Endpoint org ID: unique identifier associated with the enterprise that the device belongs to. It allows Microsoft to identify whether an issue affects a select set of enterprises and how many enterprises are impacted.
  - User Principal Name: email ID of the user.
Product and service usage data
The following information is collected only for the Microsoft Defender for Endpoint app installed on the device.
- App package info, including name, version, and app upgrade status.
- Actions done in the app.
- Crash report logs generated by iOS.
- Memory usage data.
Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself.
Optional diagnostic data includes:
- App, CPU, and network usage for Defender for Endpoint.
- Features configured by the admin for Defender for Endpoint.
Feedback data is collected through in-app feedback provided by the user and includes:
- The user’s email address, if they choose to provide it.
- Feedback type (smile, frown, idea) and any feedback comments submitted by the user.
For more information, see More on Privacy.