Microsoft Defender ATP for Android [Public Preview]
Following my previous article: https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/
Today, Microsoft announced the public preview of their mobile threat defense capabilities with Microsoft Defender ATP for Android.
Key Capabilities
- Web protection
- Malware scanning
- Blocking access to sensitive data
- Unified SecOps experience
Prerequisites
Turn on the preview experience setting to be among the first to try upcoming features.
- In the navigation pane, select Settings > Advanced features > Preview features.
- Toggle the setting to On and select Save preferences.
Features
Web protection
Web protection capabilities in Microsoft Defender ATP for Android include:
- Anti-phishing: Access to unsafe websites from SMS/text, WhatsApp, email, browsers, and other apps is instantly blocked. To do this, it interacts with the Microsoft Defender SmartScreen service to determine whether a URL is potentially malicious.
- Blocking unsafe connections: The same Microsoft Defender SmartScreen technology is also used to block unsafe network connections that apps might make automatically on the user’s behalf without them knowing.
- Custom indicators: Security teams can create custom indicators, giving them more fine-grained control over allowing and blocking URLs and domains users connect to from their Android devices.
Malware scanning
Microsoft Defender ATP for Android offers signature-based malware detection and, in addition, uses cloud protection powered by deep learning and heuristics to cover low-fidelity signals that signatures handle inconclusively. This protection extends to both malicious apps and files on the device.
Blocking access to sensitive data
When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it classifies the device as “high risk”. Microsoft Intune uses the device’s risk level in conjunction with pre-defined compliance policies to activate Conditional Access rules that block access to corporate assets from the high-risk device. Once the malicious app is uninstalled, access to corporate assets is restored automatically for the mobile device.
Unified SecOps experience
All the alerts for phishing and malware on Android devices are surfaced in the Security Center portal, including:
- the name of the threat,
- its severity,
- the alert process tree for the incident,
- and other additional context including file details and associated SHA information.
The experience is similar to Windows, Mac, and Linux.
What’s next?
In the coming months, Microsoft will be rolling out more capabilities for Android and will be releasing Microsoft Defender ATP for iOS later this year!
Source
Blocking access to sensitive data – You can learn about how to set up this integration in this documentation.